With only three "critical" vulnerabilities to patch in June, you'd think that it was going to be an easy week for system administrators -- but you'd be wrong.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2011-2697 Improper Input Validation vulnerability | 6.8 | Foomatic | Solaris 11: 11/11 SRU 8.5; Solaris 10: Contact Support; Solaris 9: Contact Support |
| CVE-2011-2964 Improper Control of Generation of Code ('Code Injection') vulnerability | 6.8 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.
Microsoft says it's working on a patch for a security vulnerability discovered in some 64-bit versions of Windows and Windows Server, but downplays the risk of system takeovers.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2014-0191 Denial of Service (DoS) vulnerability | null | Libxml2 | Solaris 11.2: 11.2.1.5.0 |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2011-3648 Cross-site scripting (XSS) vulnerability | 4.3 | Thunderbird | Solaris 11: 11/11 SRU 04 |
| CVE-2011-3650 Denial of Service (DoS) vulnerability | 9.3 | | |
| CVE-2011-3651 Denial of Service (DoS) vulnerability | 10.0 | | |
| CVE-2011-3652 Denial of Service (DoS) vulnerability | 10.0 | | |
| CVE-2011-3654 Denial of Service (DoS) vulnerability | 10.0 | | |
| CVE-2011-3655 Access Control vulnerability | 9.3 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.
On 11.10:
I know how to remove the email & u1 entries using blacklist/remove from /usr/share/blablabla_youknowwhere
but I see no entries or solutions on how to remove only the status entries, as I don't use any IMs, only mail & u1.
I suspect it's hardcoded, please let me be wrong. But if it is so, maybe someone enlightened got a diff/patch, although I fear it will lead to dependency hell (compiling-wise)

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2012-5526 Configuration vulnerability | 5.0 | Perl | Solaris 10: Patches planned but not yet available; Solaris 11.1: 11.1.7.5.0; Solaris 9: Patches planned but not yet available |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2011-4516 Denial of Service (DoS) vulnerability | 6.8 | Ghostscript | Solaris 10: SPARC: 122259-06 X86: 122260-06; Solaris 11: 11/11 SRU 6.6 |
| CVE-2011-4517 Denial of Service (DoS) vulnerability | 6.8 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2012-2111 Permissions, Privileges, and Access Controls vulnerability | 6.5 | Samba | Solaris 11: 11/11 SRU 8.5; Solaris 10: Contact Support |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.
Security professionals need to be aware of metrics like percent of patch saturation over time and security events by demographic, as well as other key measuring points.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2012-0050 Denial of Service (DoS) vulnerability | 5.0 | OpenSSL | Solaris 11: 11/11 SRU 4a |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2011-3439 Denial of Service (DoS) vulnerability | 9.3 | FreeType Font Engine | Solaris 11: Contact Support; Solaris 10: SPARC: 119812-14 X86: 119813-16; Solaris 9: Contact Support |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.
With effect from June 02, 2014 the new state of Telangana will be operational in the Indian Union. Details of the new state are explained in the official gazette released on 1 March, 2014 by the Ministry of Home Affairs: http://mha.nic.in/sites/upload_files/mha/files/APRegACT2014_0.pdf This new State has been added in the IN_STATES System Lookup: a new lookup code 'TG' with meaning 'Telangana' has been added. For available patches on different R12 patch levels check out: Doc ID 1676224.1 New State Telangana Be Added In IN_STATES System Lookup.
Firefox 3.6.13 is available, bringing small security and stability improvements
Updated 10.12.2010 by Katleen
Mozilla now offers version 3.6.13 of Firefox. This is a minor update that just patches a few security issues while improving the browser's stability.
The update can be applied directly through the software's automatic update feature, or by downloading version 3.6.13 for Windows, Mac or Linux.
The vulnerabilities fixed are:
Quote:

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2011-2524 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.0 | libsoup | Solaris 11: 11/11 SRU 11.4 |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2011-2728 Denial of Service Vulnerability | 4.3 | Perl | Solaris 10: SPARC: 146032-03 X86: 146033-03; Solaris 11: 11/11 SRU 3 |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2012-0698 Denial of Service (DoS) vulnerability | 5.0 | tcsd | Solaris 11: 11/11 SRU 13.4 |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2012-3401 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 6.8 | libtiff | Solaris 11: 11/11 SRU 12.4; Solaris 10: Contact Support |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2011-3597 Improper Input Validation vulnerability | 7.5 | Perl | Solaris 10: SPARC: 146032-04 X86: 146033-04; Solaris 11: Contact Support |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2011-3146 Denial of Service (DoS) vulnerability | 6.8 | librsvg | Solaris 11: 11/11 SRU 8.5 |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2014-3473 cross-site scripting (XSS) vulnerability | 4.3 | OpenStack Horizon | Solaris 11.2: 11.2.1.5.0 |
| CVE-2014-3474 cross-site scripting (XSS) vulnerability | 4.3 | | |
| CVE-2014-3475 cross-site scripting (XSS) vulnerability | 4.3 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2012-3236 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 4.3 | Gimp | Solaris 10: Contact Support; Solaris 11: 11/11 SRU 11.4 |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2012-5166 Denial of Service vulnerability | 7.8 | BIND | Solaris 11: Contact Support; Solaris 10: SPARC: 119783-25 x86: 119784-25; Solaris 9: Contact Support |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|
| CVE-2012-0841 Denial of Service (DoS) vulnerability | 5.0 | libxml2 | Solaris 11: 11/11 SRU 10.5; Solaris 10: SPARC: 125731-08 X86: 125732-08; Solaris 9: SPARC: 114014-29 X86: 114015-29 |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.