Tuesday Jul 16, 2013

Multiple vulnerabilities in Apache HTTP Server 1.3

| CVE | Description | CVSSv2 Base Score | Component |
|---|---|---|---|
| CVE-2011-4317 | Improper Input Validation vulnerability | 4.3 | Apache HTTP Server 1.3 |
| CVE-2012-0053 | Permissions, Privileges, and Access Controls vulnerability | 4.3 | Apache HTTP Server 1.3 |

| Product | Resolution |
|---|---|
| Solaris 8 | SPARC: 116973-10 X86: 116974-10 |
| Solaris 10 | SPARC: 122911-30 X86: 122912-30 |
| Solaris 9 | SPARC: 113146-15 X86: 114145-14 |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.

CVE-2011-3368 Improper Input Validation vulnerability in Apache HTTP Server 1.3

| CVE | Description | CVSSv2 Base Score | Component |
|---|---|---|---|
| CVE-2011-3368 | Improper Input Validation vulnerability | 5.0 | Apache HTTP Server 1.3 |

| Product | Resolution |
|---|---|
| Solaris 8 | SPARC: 116973-10 X86: 116974-10 |
| Solaris 10 | SPARC: 122911-27 X86: 122912-27 |
| Solaris 9 | SPARC: 113146-14 X86: 114145-13 |

Multiple vulnerabilities in Apache HTTP Server

| CVE | Description | CVSSv2 Base Score | Component |
|---|---|---|---|
| CVE-2011-0419 | Denial of Service (DoS) vulnerability | 4.3 | Apache HTTP Server |
| CVE-2011-1928 | Denial of Service (DoS) vulnerability | 4.3 | Apache HTTP Server |

| Product | Resolution |
|---|---|
| Solaris 8 | SPARC: 116973-10 X86: 116974-10 |
| Solaris 10 | SPARC: 122911-26 X86: 122912-26 |
| Solaris 9 | SPARC: 113146-14 X86: 114145-13 |

Multiple vulnerabilities in libexif

| CVE | Description | CVSSv2 Base Score | Component |
|---|---|---|---|
| CVE-2012-2812 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 6.4 | libexif |
| CVE-2012-2813 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 6.4 | libexif |
| CVE-2012-2814 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 7.5 | libexif |
| CVE-2012-2836 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 6.4 | libexif |
| CVE-2012-2837 | Numeric Errors vulnerability | 5.0 | libexif |
| CVE-2012-2840 | Numeric Errors vulnerability | 7.5 | libexif |
| CVE-2012-2841 | Numeric Errors vulnerability | 7.5 | libexif |
| CVE-2012-2845 | Numeric Errors vulnerability | 6.4 | libexif |

| Product | Resolution |
|---|---|
| Solaris 10 | SPARC: 121095-04 X86: 121096-04 |
| Solaris 11 11/11 | SRU 12.4 |

Lucky Thirteen vulnerability in Solaris OpenSSL

| CVE | Description | CVSSv2 Base Score | Component |
|---|---|---|---|
| CVE-2013-0166 | Cryptographic Issues vulnerability | 5.0 | OpenSSL |
| CVE-2013-0169 | Cryptographic Issues vulnerability | 5.0 | OpenSSL |

| Product | Resolution |
|---|---|
| Solaris 10 | SPARC: 148071-12, 150383-02 X86: 148072-12 |
| Solaris 11.1 | 11.1.7.5.0 |
| Solaris 9 | SPARC: 117123-11 |

Please note: SPARC: 148071-12 X86: 148072-12 deliver the fix for OpenSSL (SUNWcry and SUNWopenssl-packages). SPARC: 150383-02 and 117123-11 deliver the fix for WAN Boot (SUNWwbsup and SUNWcakr-packages).

Tuesday Jul 02, 2013

CVE-2011-0465 Improper Input Validation vulnerability in X.Org

| CVE | Description | CVSSv2 Base Score | Component |
|---|---|---|---|
| CVE-2011-0465 | Improper Input Validation vulnerability | 9.3 | X.Org |

| Product | Resolution |
|---|---|
| Solaris 10 | SPARC: 147227-01 X86: 147228-01 |
| Solaris 9 | On Request |

CVE-2012-5134 Buffer Overflow vulnerability in libxml2

| CVE | Description | CVSSv2 Base Score | Component |
|---|---|---|---|
| CVE-2012-5134 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 6.8 | libxml2 |

| Product | Resolution |
|---|---|
| Solaris 10 | SPARC: 125731-10 X86: 125732-10 |
| Solaris 11.1 | 11.1.7.5.0 |

Multiple Input Validation vulnerabilities in Kerberos

| CVE | Description | CVSSv2 Base Score | Component |
|---|---|---|---|
| CVE-2011-1528 | Improper Input Validation vulnerability | 7.8 | Kerberos |
| CVE-2011-1529 | Improper Input Validation vulnerability | 7.8 | Kerberos |
| CVE-2011-4151 | Improper Input Validation vulnerability | 7.8 | Kerberos |

| Product | Resolution |
|---|---|
| Solaris 11.1 | 11.1 |

About

This blog provides security vulnerability fix notifications relevant to third-party software components distributed and supported as part of Oracle products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
