Tuesday Sep 24, 2013

Multiple vulnerabilities in MySQL

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2008-4098 | Improper Link Resolution Before File Access ('Link Following') vulnerability | 4.6 | MySQL | Solaris 11.1 11.1.10.5.0 |
| CVE-2008-7247 | Improper Link Resolution Before File Access ('Link Following') vulnerability | 6.0 | | |
| CVE-2010-1626 | Improper Link Resolution Before File Access ('Link Following') vulnerability | 3.6 | | |
| CVE-2013-1861 | Buffer Errors vulnerability | 5.0 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.

Multiple vulnerabilities in Wireshark

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-2486 | Numeric Errors vulnerability | 6.1 | Wireshark | Solaris 11.1 11.1.10.5.0 |
| CVE-2013-2487 | Numeric Errors vulnerability | 7.8 | | |
| CVE-2013-3555 | Input Validation vulnerability | 5.0 | | |
| CVE-2013-3556 | Denial of Service (DoS) vulnerability | 5.0 | | |
| CVE-2013-3557 | Buffer Errors vulnerability | 5.0 | | |
| CVE-2013-3558 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2013-3559 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2013-3560 | Format String Vulnerability | 5.0 | | |
| CVE-2013-3561 | Numeric Errors vulnerability | 7.8 | | |
| CVE-2013-3562 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2013-4083 | Input Validation vulnerability | 5.0 | | |

CVE-2012-5581 Denial of Service vulnerability in LibTIFF

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-5581 | Denial of Service (DoS) vulnerability in LibTIFF | 6.8 | LibTIFF | Solaris 11.1 11.1.10.5.0 |

Multiple vulnerabilities in Poppler

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-1788 | Denial of Service (DoS) vulnerability | 6.8 | Gnome | Solaris 10 SPARC: 150616-01 X86: 150617-01; Solaris 11.1 11.1.10.5.0 |
| CVE-2013-1789 | Denial of Service (DoS) vulnerability | 4.3 | | |
| CVE-2013-1790 | Buffer Errors vulnerability | 6.8 | | |

CVE-2007-4460 Symlink attack vulnerability in id3lib (aka libid3)

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2007-4460 | Symlink attack vulnerability | 7.2 | Gnome | Solaris 11.1 11.1.10.5.0 |

CVE-2002-2443 Denial of Service vulnerability in Kerberos

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2002-2443 | Denial of Service (DoS) vulnerability | 5.0 | Kerberos | Solaris 10 SPARC: 147793-09 X86: 147794-09; Solaris 11.1 11.1.10.5.0 |

Multiple vulnerabilities in the PKINIT implementation in the Key Distribution Center (KDC)

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-1016 | Denial of Service (DoS) vulnerability | 4.3 | Kerberos | Solaris 11.1 11.1.10.5.0 |
| CVE-2013-1415 | Denial of Service (DoS) vulnerability | 7.1 | | |

Multiple vulnerabilities in X.org

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-1981 | Numeric Errors vulnerability | 6.8 | X.Org | Solaris 10 SPARC: 120201-06 119059-65 125725-03 X86: 119060-64 125720-59 125726-03 120202-07; Solaris 11.1 11.1.8.4.0; Solaris 8 Patches planned but not yet available; Solaris 9 Patches planned but not yet available |
| CVE-2013-1982 | Numeric Errors vulnerability | 6.8 | | |
| CVE-2013-1984 | Numeric Errors vulnerability | 6.8 | | |
| CVE-2013-1985 | Input Validation vulnerability | 6.8 | | |
| CVE-2013-1995 | Buffer Errors vulnerability | 6.8 | | |
| CVE-2013-1996 | Buffer Errors vulnerability | 6.8 | | |
| CVE-2013-1997 | Buffer Errors vulnerability | 6.8 | | |
| CVE-2013-1998 | Buffer Errors vulnerability | 6.8 | | |
| CVE-2013-2002 | Numeric Errors vulnerability | 6.8 | | |
| CVE-2013-2004 | Buffer Errors vulnerability | 6.8 | | |
| CVE-2013-2005 | Buffer Errors vulnerability | 6.8 | | |
| CVE-2013-2062 | Numeric Errors vulnerability | 6.8 | | |

Multiple vulnerabilities in X.org

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-1987 | Numeric Errors vulnerability | 6.8 | X.Org | Solaris 10 SPARC: 120201-06 119059-65 125725-03 X86: 119060-64 125720-59 125726-03 120202-07; Solaris 11.1 11.1.8.4.0 |
| CVE-2013-1988 | Numeric Errors vulnerability | 6.8 | | |
| CVE-2013-1989 | Numeric Errors vulnerability | 6.8 | | |
| CVE-2013-1990 | Numeric Errors vulnerability | 6.8 | | |
| CVE-2013-1992 | Numeric Errors vulnerability | 6.8 | | |
| CVE-2013-1993 | Numeric Errors vulnerability | 6.8 | | |
| CVE-2013-1999 | Buffer Errors vulnerability | 6.8 | | |
| CVE-2013-2000 | Buffer Errors vulnerability | 6.8 | | |
| CVE-2013-2001 | Buffer Errors vulnerability | 6.8 | | |
| CVE-2013-2003 | Numeric Errors vulnerability | 6.8 | | |
| CVE-2013-2063 | Numeric Errors vulnerability | 6.8 | | |
| CVE-2013-2064 | Numeric Errors vulnerability | 6.8 | | |
| CVE-2013-1986 | Numeric Errors vulnerability | 6.8 | | |
| CVE-2013-2066 | Buffer Errors vulnerability | 6.8 | | |
| CVE-2013-1983 | Numeric Errors vulnerability | 6.8 | | |

About

This blog provides security vulnerability fix notifications relevant to third-party software components distributed and supported as part of Oracle products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
