Chosen month 11 / 2011
|
|
|
An important vulnerability has been identified in the Adobe Flex SDK 4.5.1 and earlier 4.x versions and 3.x versions on the Windows, Macintosh and Linux operating systems. This vulnerability could lead to cross-site scripting (XSS) issues in Flex applications. Adobe recommends users of the Adobe Flex SDK 4.5.1 and earlier 4.x versions, and the Adobe Flex SDK 3.6 and earlier 3.x versions update their software, verify whether any SWF files in their applications are vulnerable, and update any vulnerable SWF files.
|
|
|
Missing input sanitising in the GIF decoder inside the CUPS printing system could lead to Denial-of-Service (DoS) or potentially arbitrary code execution through crafted GIF files.
A format string vulnerability in the Python bindings for the Clearsilver HTML template system may lead to Denial-of-Service or the execution of arbitrary code.
Updated packages are available now.
|
|
|
Updated kernel packages that fix multiple security issues, several bugs and one enhancement are now available for Red Hat Enterprise Linux 5. Exploiting the vulnerabilities might lead to increased privileges, access to confidential data and a Denial-of-Service (DoS).
|
|
|
Multiple vulnerabilities have been found in glibc.
Exploiting them might allow local users to increase their privileges. Furthermore, a Denial-of-Service (DoS) is possible, as are unauthorized changes to environment variables and disclosure of password hashes.
Updated packages are available now.
|
|
|
Updated java-1.5.0-ibm packages that fix several vulnerabilities are now
available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5 and 6.
|
|
|
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 may allow
remote attackers to execute arbitrary code via a Resource Record (RR)
with an unknown type containing input that is longer than a specified length.
New updates are available to fix this issue.
|
|
|
Perl is a free software scripting language interpreter.
The Digest module for Perl is prone to a vulnerability that will let attackers inject and execute arbitrary Perl code.
Remote attackers can exploit this issue to run arbitrary code in the context of the affected application.
IBM has provided patches to resolve this issue.
|
|
|
Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to disclose information, allow authentication bypass, allow Cross-Site Scripting (XSS), gain unauthorized access, or create a Denial-of-Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. HP has published software updates to resolve this issue.
|
|
|
When 802.1X authentication is used, NetworkManager doesn't pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by the same CA as used in the original network. If password-based authentication is used (e.g. via PEAP or EAP-TTLS), this means an attacker could sniff and potentially crack the password hashes of the victims.
Updated packages are available now.
|
|
|
A potential security vulnerability has been identified with HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris. The vulnerability could be locally exploited to gain unauthorized access to a directory.
HP has made patches available to resolve this vulnerability.
|
|
|
Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6. This update is rated as important since some of the vulnerabilities can be exploited remotely.
|
|
|
It was discovered that Puppet, a centralized configuration management solution, misgenerates certificates if the "certdnsnames" option is used. This could lead to man-in-the-middle attacks.
Updated packages are available now.
|
|
|
Wireshark is a tool for analyzing networks.
A buffer overflow has been discovered in Wireshark's ERF dissector. This could lead to the execution of arbitrary code. Updated packages are available now.
|
|
|
FreeType is a free and portable font engine that can open and manage font files. Multiple input validation flaws were found in the way FreeType processes CID-keyed fonts. If a specially-crafted font file is loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Updated packages are available now.
|
|
|
A Wireshark version upgrade to 1.4.10 has been published. It fixes various security flaws and other non-security issues. Exploiting them might lead to a Denial-of-Service.
Updated firefox packages that fix multiple security issues are now available for SUSE Linux Enterprise Server 10 SP4 and Desktop.
|
|
|
VMware vSphere Update Manager is an automated patch management solution for VMware ESX hosts and Microsoft virtual machines. Update Manager embeds the Jetty Web server which is a third party component.
The way the Jetty Web Server in vSphere Update Manager is configured allows for directory traversal. This issue is a variant of the directory traversal issue that was addressed in earlier versions of vSphere Update Manager.
A configuration update solves this issue.
|
|
|
Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux.
Exploiting them might lead to a race condition that allows privilege escalation. The same can be achieved by modifying the environment variables in staprun. Furthermore, a Denial-of-Service is possible due to insufficient validation of module unloading.
Updated packages are available now.
|
|
|
Two vulnerabilities have been found in SPIP, a website engine for publishing, which allow privilege escalation to site administrator privileges and cross-site scripting. Updated packages are available now.
|
|
|
A highly compressible input file could overflow the uncompression stack
in libXfont. Also, specially crafted compressed files could cause gzip(1)
and compress(1) to go into an endless loop or overflow their uncompression
stack. Updated packages are available now.
|
|
|
An unspecified vulnerability in the Juniper Junos IPv6-over-IPv4 tunnel implementation could allow a remote attacker to bypass certain security policies on encapsulated IPv6 datagrams. An upgrade to the latest version of Juniper Junos (10.2R3 or later) solves this problem.
|
|
|
Zenprise Device Manager is a mobile device management (MDM) software package that can be used to manage an enterprise's mobile device fleet. The Zenprise Device Manager web interface is vulnerable to cross-site request forgery (CSRF) attacks. A successful CSRF attack against an admin user will allow a remote attacker to run commands as the admin user on any device managed by Zenprise Device Manager. By tricking a logged-in admin user into visiting a specially crafted URL, a remote attacker may be able to access any managed device as the admin. The attacker can then perform any action an admin can, including remotely wiping the device. Zenprise has released a patch to address this issue.
|
|
|
Updated firefox packages that fix multiple security issues are now available for SUSE Linux Enterprise Server 11 SP1 and Desktop as well as for SUSE Linux Enterprise Software Development Kit 11 SP1.
|
|
|
CA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a Denial-of-Service condition due to insufficient bounds checking. A remote attacker can send an SNMP packet that can cause a crash. Remediation is available to address the vulnerability.
|
|
|
A potential security vulnerability has been identified with HP-UX running SAM. This vulnerability could be locally exploited to create an increase in privilege. HP has published upgrades to resolve this issue.
|
|
|
WMQ V6 on OVMS could allow local non-privileged users to execute some MQ control commands on the system. This happens when MQM group default rights are set on the system. By logging in as a low-privileged user, an attacker could exploit this vulnerability to execute arbitrary MQ control commands on the system.
The fix for this APAR will be incorporated in the next fix pack release, WMQ-V6.0.2.11, on OpenVMS Alpha and Ia64.
|
|
|
JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure.
The new release of JBoss Enterprise SOA Platform 5.2.0 serves as a replacement for JBoss Enterprise SOA Platform 5.1.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise SOA Platform 5.2.0
Release Notes. Besides this, some security vulnerabilities have been fixed in this version.
|
|
| System: | Many |
| Topic: | Vulnerability in BIND |
| Links: | ISC, CVE-2011-4313, ASB-2011.0102, X-Force #71332, VU #606539, DSA-2347, ESB-2011.1155, MDVSA-2011:176, RHSA-2011-1458, RHSA-2011-1459, ESB-2011.1161, MDVSA-2011:176-1, MDVSA-2011:176-2, SUSE-SU-2011:1268, ESB-2011.1175, RHSA-2011-1496, ESB-2011.1182, HPSBUX02729, SSRT100687, ESB-2011.1192, NetBSD-SA2011-009, ESB-2011.1259, FreeBSD-SA-11:06, ESB-2012.0019, IBM, ESB-2012.0021 |
| ID: | ae-201111-058 |
BIND is a very widely used DNS server. It was discovered that BIND crashes while processing certain sequences of recursive DNS queries, leading to a Denial-of-Service (DoS). Authoritative-only server configurations are not affected by this issue.
Updated versions solve this problem.
|
|
|
ProFTPD is a widely used FTP Server.
ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS.
Furthermore, it uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution.
Updated packages are available now.
|
|
|
Poppler is a PDF rendering library based on the xpdf-3.0 code base. 17 CVE entries from 2009 are cited by Mandriva regarding vulnerabilities in poppler. An update is now available that corrects these security vulnerabilities.
|
|
|
As reported before (ae-201109-036), several vulnerabilities have been found in the Adobe Acrobat reader. Now, version 9.4.6 is available for Unix, too.
|
|
|
iTunes periodically checks for software updates using an HTTP request to Apple. This request may cause iTunes to indicate that an update is available. Due to an error in handling HTTP responses, a man-in-the-middle attacker may offer software that appears to originate from Apple. It's recommended to install iTunes 10.5.1 now.
|
|
|
Potential security vulnerabilities have been identified with HP StorageWorks P4000 Virtual SAN Appliance. The vulnerabilities could be remotely exploited resulting in execution of arbitrary code. HP has published updates to resolve this issue.
|
|
|
A potential security vulnerability has been identified with HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3. The vulnerability could be remotely exploited to allow unauthorized access to the iLO2 or iLO3.
HP has made an update and/or workaround available to resolve this vulnerability.
|
|
|
Several security issues were identified and fixed in openjdk (icedtea6) and icedtea-web. Since exploiting these might allow untrusted Java applets to affect confidentiality, integrity, and availability via different vectors related to several topics, an immediate update is recommended.
|
|
|
Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. It's strongly recommended to install updated versions that are available now.
|
|
|
Symantec has provided updates for the Gear Software driver GEARAspiWDM.sys in affected versions of supported Symantec products. This update addresses a possible local access Denial-of-Service (DoS) system crash.
|
|
|
Importing a specially-crafted XML file which contains an XML entity injection allows retrieval of a local file (limited by the privileges of the user running the web server). The attacker must be logged in to MySQL via phpMyAdmin.
An upgrade to phpMyAdmin 3.4.7.1 or newer (or 3.3.10.5) is recommended, but also patches are available.
|
|
|
It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority (CA) issued HTTPS certificates with weak keys. An update renders any HTTPS certificates signed by that CA as untrusted.
|
|
|
Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS).
HP has made patches available to resolve these vulnerabilities for NNMi 9.0x. HP has made hotfixes available to resolve these vulnerabilities for NNMi 9.1x.
|
|
|
Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 is now available. It addresses an issue in the DHCP client. It allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. This issue is addressed by stripping shell meta-characters in dhclient-script.
|
|
|
Several vulnerabilities have been found in Apple iOS. Apple iOS 5.0.1 is now available. It addresses security issues as well as other problems, so it should be installed on the mobile device.
|
|
|
A vulnerability has been discovered in Apache, a web server.
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows
remote attackers to cause a Denial-of-Service (DoS) via a malformed HTTP request.
Several security issues were identified and fixed in Mozilla NSS, Firefox and Thunderbird. They might lead to e.g. Denial-of-Service, Cross-Site Scripting (XSS) or remote code execution.
Updated packages are available now.
|
|
|
A buffer overflow affecting Mitsubishi MX4 Supervisory Control and Data Acquisition (SCADA) has been reported. Upon further investigation, MX4 SCADA was found to be a version of CitectSCADA, a product offered by Schneider Electric. The Advisory includes a full list of known affected products.
A buffer overflow vulnerability resides in a third-party component used by the CitectSCADA and MX4 SCADA Batch products. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
Updates are available now.
|
|
|
The Dell KACE K2000 Deployment Appliance is an integrated systems provisioning product for large-scale operating systems deployment. Some versions of the product contain a backdoor administrator account with a fixed password, accessible via the administrative web interface of the device. Furthermore, the backdoor account is not visible from, and cannot be removed via, the appliance's administrative web interface.
In addition, several components that support the administrative web interface supplied with the system are vulnerable to reflected (i.e., non-persistent) script injection. These Cross-Site Scripting (XSS) attacks can be carried out by sending a user to the script, e.g. by link or e-mail.
A solution is currently not available.
|
|
|
Three vulnerabilities have been found in Novell ZENworks 10, Novell ZENworks 11, and Novell ZENworks AdminStudio.
All of them might allow remote code execution. The vulnerabilities are located in ActiveX Controls and the Software Packaging, respectively.
A corresponding fix is available now.
|
|
|
Vulnerabilities have been found in the Drupal Third Party Modules
Quiz, CKEditor, and Webform CiviCRM Integration.
They allow remote attackers to initiate Cross-Site Scripting (XSS), Access bypass and other possibilities.
Patches are available now.
Please be aware that Drupal Core is not affected.
|
|
|
Potential security vulnerabilities have been identified with HP Integrated Lights-Out iLO2 and iLO3 running SSL/TLS. The vulnerabilities could be remotely exploited to create a Denial-of-Service (DoS) or unauthorized modification.
HP has made Firmware updates available to resolve the vulnerabilities.
|
|
| System: | Debian GNU/Linux |
| Topic: | Vulnerabilities in iceweasel/iceape/icedove, openssl, and python-django-piston |
| Links: | DSA-2341, DSA-2342, DSA-2345, CVE-2011-3647, CVE-2011-3648, CVE-2011-3650, ESB-2011.1131, ESB-2011.1145, DSA-2343, ESB-2011.1132, DSA-2344, CVE-2011-4103, ESB-2011.1146 |
| ID: | ae-201111-037 |
Vulnerabilities in iceweasel, iceape, and icedove might lead to Cross-Site Scripting (XSS) attacks, increased privileges and remote execution of arbitrary code.
For OpenSSL, an update responds to weak certificates that were issued by the Malaysian intermediate CA "Digicert Sdn. Bhd.". It's necessary to revoke the CA's cross-signed certificates.
Furthermore, it was found that the Piston framework can deserialize untrusted YAML and Pickle data, leading to remote code execution.
Updated packages are available now.
|
|
|
The Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority (CA) issued HTTPS certificates with weak keys. An update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Digicert Sdn. Bhd. is not the same company as found at digicert.com.
|
|
|
Due to a manufacturing error, Cisco TelePresence System Integrator C
Series and Cisco TelePresence EX Series devices that were distributed
between November 18th, 2010 and September 19th, 2011 may have the root
account enabled.
New updates are available.
|
|
|
The Servlets that implement the functionality of the Manager application that ships with
Apache Tomcat should only be available to Contexts that are marked as privileged.
However, this check was not being made. This allowed an untrusted web application to use the functionality of
the Manager application. This could be used to obtain information on
running web applications as well as deploying additional web applications.
To mitigate the risk, upgrade to version 7.0.22 or later.
|
|
| System: | Red Hat Linux |
| Topic: | Vulnerabilities in firefox, thunderbird, seamonkey, icedtea-web |
| Links: | RHSA-2011-1437, RHSA-2011-1438, RHSA-2011-1439, RHSA-2011-1440, RHSA-2011-1441, CVE-2011-3650, CVE-2011-3648, CVE-2011-3647, ESB-2011.1128 |
| ID: | ae-201111-033 |
Updated firefox packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4, 5, and 6.
|
|
| System: | Red Hat Linux |
| Topic: | Vulnerabilities in acroread |
| Links: | RHSA-2011-1434, CVE-2011-2444, CVE-2011-2442, CVE-2011-2440, CVE-2011-2439, CVE-2011-2438, CVE-2011-2437, CVE-2011-2436, CVE-2011-2435, CVE-2011-2434, CVE-2011-2433, CVE-2011-2432, CVE-2011-2431, CVE-2011-2430, CVE-2011-2429, CVE-2011-2428, CVE-2011-2427, CVE-2011-2426, CVE-2011-2425, CVE-2011-2424, CVE-2011-2417, CVE-2011-2416, CVE-2011-2415, CVE-2011-2414, CVE-2011-2140, CVE-2011-2139, CVE-2011-2138, CVE-2011-2137, CVE-2011-2136, CVE-2011-2135, CVE-2011-2134, CVE-2011-2130, ESB-2011.1127 |
| ID: | ae-201111-032 |
Updated acroread packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise
Linux 5 and 6 Supplementary.
|
|
| System: | OSX |
| Topic: | Vulnerabilities in Java |
| Links: | CVE-2011-3561, CVE-2011-3560, CVE-2011-3558, CVE-2011-3557, CVE-2011-3556, CVE-2011-3556, CVE-2011-3554, CVE-2011-3553, CVE-2011-3552, CVE-2011-3551, CVE-2011-3549, CVE-2011-3548, CVE-2011-3547, CVE-2011-3546, CVE-2011-3545, CVE-2011-3544, CVE-2011-3521, CVE-2011-3389, ESB-2011.1126 |
| ID: | ae-201111-031 |
A new Java update for Mac OS X is available.
This update eliminates several known vulnerabilities.
|
|
|
Critical vulnerabilities have been identified in Adobe Shockwave Player
11.6.1.629 and earlier versions on Windows and Macintosh platforms.
These vulnerabilities could allow an attacker, who successfully exploits these
vulnerabilities, to run malicious code on the affected system.
A new update is available.
|
|
|
The LDAP over SSL implementation in Active Directory, Active Directory Application Mode, and Active Directory Lightweight Directory Service in
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1
does not examine Certificate Revocation Lists, which allows remote authenticated users to bypass intended certificate restrictions
and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account.
New updates are available.
|
|
|
Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1
allows local users to gain privileges via a Trojan horse DLL in the current working directory.
New updates are available.
|
|
|
Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1
allows remote attackers to cause a denial of service (DoS) via a crafted TrueType font file.
New updates are available.
|
|
|
Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1,
and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port.
Updates are available to address this issue.
|
|
|
Crypt_blowfish before 1.1 does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext
password by leveraging knowledge of a password hash.
New packages are available.
|
|
|
A new update to the NSS cryptographic libraries revokes the trust in the "DigiCert Sdn. Bhd" certificate authority and
also fixes an insecure load path for pkcs11.txt configuration file.
|
|
|
Several cross-site scripting and information disclosure issues have
been fixed in Moodle, a course management system for online learning.
|
|
|
An integer signedness error in decode_residual_block function of the Chinese AVS video decoder in libavcodec can lead to denial of service or possible code execution via a crafted CAVS file.
Multiple errors in the Chinese AVS video (CAVS) decoder can lead to denial of service via an invalid bitstream.
A memory allocation problem in the Matroska format decoder can lead to code execution via a crafted file.
New packages are available.
|
|
|
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS
does not properly handle code words that are absent from the decompression table when encountered,
which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow,
and possibly execute arbitrary code, via a crafted compressed stream.
A new update is available.
|
|
|
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21
does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy,
which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations,
allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption)
via a Range header that expresses multiple overlapping ranges.
New packages are available for download.
|
|
|
The pam_env module is vulnerable to a stack overflow
and a denial of service (DoS) condition when parsing users' .pam_environment files.
Additionally, a missing return value check inside pam_xauth has been fixed.
New packages are available for download.
|
|
|
Specially crafted RPM packages could have caused memory
corruption in rpm, when verifying signatures.
New updates are available to address this issue.
|
|
|
Multiple vulnerabilities have been identified in OpenSSL.
These vulnerabilities may lead to the execution of arbitrary code, denial of service (DoS) attacks, and may allow attackers to access confidential data.
New updates are available for download.
|
|
|
Potential security vulnerabilities have been identified with HP OpenVMS TCP/IP Services running SMTP server.
The vulnerabilities could result in a remote Denial of Service (DoS).
New updates are available.
|
|
|
Several vulnerabilities were discovered in the Xen virtual machine
hypervisor. These vulnerabilities may lead to denial of service (DoS) attacks and the execution of arbitrary code.
New updates are available.
|
|
|
It was discovered that the Debian-native CGI wrapper for man2html,
a program to convert UNIX man pages to HTML, is not properly escaping
user-supplied input when displaying various error messages. A remote
attacker can exploit this flaw to conduct cross-site scripting (XSS)
attacks.
A new update is available.
|
|
|
Several flaws were found in mahara, which may lead to denial of service (DoS), cross-site scripting (XSS) and cross-site request forgery attacks.
New updates are available.
|
|
|
EMC Documentum eRoom contains a possible vulnerability which can be potentially exploited to upload arbitrary files to the system.
A new update is available for download.
|
|
|
A vulnerability was detected in a Microsoft Windows component, the Win32k TrueType font parsing engine.
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.
For an attack to be successful, a user must open an attachment that is sent in an e-mail message.
|
|
|
RSA has delivered an update for RSA Key Manager Appliance 2.7 Service Pack 1 that includes security-related component updates, including Oracle Critical Patch Update (CPU) July 2011 and RSA Access Manager Server, a security vulnerability fix, hot fix roll-ups and bug fixes.
Appliance user session is not terminated properly after logout using Firefox 4 and 5.
|
|
|
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. The vulnerabilities could be exploited remotely to create a Denial-of-Service (DoS).
HP has provided Apache-2.2.21 to resolve the vulnerabilities.
|
|
|
Vulnerabilities have been found in the Drupal Third Party Modules
Views and HotBlocks.
They allow remote attackers to initiate Cross-Site Request Forgery (CSRF) and the execution of arbitrary code. Additionally users with an existing account are able to carry out Cross-Site Scripting (XSS) attacks.
Patches are available now.
Please be aware that Drupal Core is not affected.
|
|
|
Perl is a high-level programming language commonly used for system administration utilities and web programming.
A heap-based buffer overflow flaw was found in the way Perl decodes Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. Furthermore, the "new" constructor of the Digest module uses its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor.
Updated packages are available now.
|
|
|
Cisco Small Business SRP500 Series Services Ready Platforms contain an operating system command injection vulnerability. The vulnerability can be exploited via a remote session to the Services Ready Platform Configuration Utility web interface.
Cisco has released free software updates that address this vulnerability.
|
|
| System: | Red Hat Enterprise Linux |
| Topic: | Multiple vulnerabilities in php53 / php |
| Links: | RHSA-2011-1423, CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, ESB-2011.1099 |
| ID: | ae-201111-005 |
Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.
Exploiting them might lead to remote and unauthenticated Denial-of-Service, arbitrary code execution and reduced security. It is therefore recommended to install this update.
|
|
|
Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE).
A use-after-free flaw has been found in the way Openswan's pluto IKE daemon uses cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon, meaning a Denial-of-Service (DoS). This issue only affects SMP (symmetric multiprocessing) systems that have the cryptographic helpers enabled.
Updated packages are available for Red Hat Enterprise Linux 5 and 6.
|
|
|
Two vulnerabilities have been discovered in phpLDAPadmin, a web based interface for administering LDAP servers. Input appended to the URL in cmd.php (when "cmd" is set to "_debug") isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Input passed to the "orderby" parameter in cmd.php isn't properly sanitised in lib/functions.php before being used in a "create_function()" function call. This can be exploited to inject and execute arbitrary PHP code.
Updated packages are available now.
|
|
|
Updated kernel packages are available for Red Hat Enterprise Linux Server 5. They fix problems that might lead to remote unauthorized access or a local Denial-of-Service (DoS). Additionally, misleading information might be provided. It is therefore recommended to install the updated packages.
|
|
|
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code under the context of the user running the web server.
HP has made patches available to resolve the vulnerabilities for NNM v7.53.
|
|