Tuesday May 21, 2013

CVE-2012-4429 Information Leak / Disclosure in vino

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-4429 | Information Exposure vulnerability | 5.0 | vino | Solaris 11.1 11.1.7.5.0 |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.

CVE-2012-4564 Design Error vulnerability in GIMP

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-4564 | Design Error vulnerability | 6.8 | GIMP | Solaris 11.1 11.1.7.5.0 |

Multiple vulnerabilities fixed in Wireshark 1.8.4

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-6052 | Information Exposure vulnerability | 5.0 | Wireshark | Solaris 11.1 11.1.7.5.0 |
| CVE-2012-6053 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2012-6054 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2012-6055 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2012-6056 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2012-6057 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2012-6058 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2012-6059 | Improper Input Validation vulnerability | 5.0 | | |
| CVE-2012-6060 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2012-6061 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2012-6062 | Improper Input Validation vulnerability | 5.0 | | |

CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.16

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-1667 | Denial of Service (DoS) vulnerability | 7.5 | Perl 5.16 | Solaris 11.1 11.1.7.5.0 |

Oracle acknowledges with thanks, Ricardo Signes from cpan.org for bringing this issue to our attention.

CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.12

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-1667 | Denial of Service (DoS) vulnerability | 7.5 | Perl 5.12 | Solaris 11.1 11.1.7.5.0 |

Oracle acknowledges with thanks, Ricardo Signes from cpan.org for bringing this issue to our attention.

CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.8

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-1667 | Denial of Service (DoS) vulnerability | 7.5 | Perl 5.8 | Solaris 10 SPARC: 148561-04 X86: 148562-04; Solaris 11.1 11.1.7.5.0 |

Oracle acknowledges with thanks, Ricardo Signes from cpan.org for bringing this issue to our attention.

Multiple vulnerabilities in Samba Web Administration Tool (SWAT)

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-0213 | Clickjacking vulnerability | 2.9 | Samba | Solaris 10 SPARC: 119757-27 X86: 119758-27; Solaris 11.1 11.1.7.5.0 |
| CVE-2013-0214 | Cross-site request forgery (CSRF) vulnerability | 2.9 | | |

Tuesday May 07, 2013

CVE-2013-0169 Lucky Thirteen vulnerability in VirtualBox Extension pack

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-0169 | SSL/TLS: CBC padding timing attack aka the "Lucky Thirteen" vulnerability | 2.6 | VirtualBox Extension pack | Oracle VM VirtualBox 4.1: Oracle VM VirtualBox Extension Pack 4.1.26; Oracle VM VirtualBox 4.2: Oracle VM VirtualBox Extension Pack 4.2.12 |

About

This blog provides security vulnerability fix notifications relevant to third-party software components distributed and supported as part of Oracle products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
