Gentoo Linux Security Advisory 201111-2 - Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impacts. Versions less than 1.6.0.29 are affected.
bdd25e09a3d2a79cb6d767a8541e666e1faf5d0e50b98660a81be4dbc3da723dVMware Security Advisory 2011-0013 - Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues.
bfa44b90a996832dc4d48ee3d88431651288c9f75d7f7f82d502411d95c5dce3Red Hat Security Advisory 2011-0880-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. Various other issues were also addressed.
23e57d99b78195d5d080dfd7d6831e809d977086b9839464c667dc791c8b7697HP Security Bulletin HPSBUX02608 SSRT100333 2 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities. Revision 2 of this advisory.
33d41ce683d2244b9cb2ed8bc782c9c762848f2ce03638f2d726f4593e82eabeDebian Linux Security Advisory 2141-3 - DSA-2141-1 changed the behaviour of the openssl libraries in a server environment to only allow SSL/TLS renegotiation for clients that support the RFC5746 renegotiation extension. This update to apache2 adds the new SSLInsecureRenegotiation configuration option that allows to restore support for insecure clients.
79659e879f2786c42feb3eace46bd0eaf37600fbd1d71d910d2b1d1cf02f2b5fDebian Linux Security Advisory 2141-2 - Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. The updated libraries allow to use shell environment variables to configure if insecure renegotiation is still allowed.
9367f429fd7b1e5134a847e38bf501417bb0c2db300ba9b0a1a36f7e56ecbdf6Debian Linux Security Advisory 2141-1 - Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. If openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows to re-enable insecure renegotiation. This version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~lenny+1, which has been included in the point release 5.0.7 of Debian stable.
e51d87d1ee8b18157edde2e72dde7a519c02a7696a6328d3a164c2b081dd9c27Zero Day Initiative Advisory 10-207 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java platform that utilize the ActiveX Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the plugin initializes objects. While the plugin is in a particular state, the application will fail to initialize a field that is used as a window handle. Exploitation can lead to code execution under the privileges of the application.
6749ac376d694f3501e57bddf64e120ed734cbe9431ff26af2d3c97203e4e4f0
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed