Chosen month 03 / 2012
|
|
|
Updates address several vulnerabilities in VMware ESXi and ESX. Their installation is strongly recommended since a remote root exploit as well as remote code execution are possible.
|
|
|
Several vulnerabilities have been found in TYPO3 core. Exploiting them might allow Cross-Site Scripting (XSS) attacks, Information disclosure and other exploits. So it's recommended to update all affected systems.
|
|
|
A heap-based buffer overflow flaw was found in the way the CVS client handles responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client.
Updated packages are available now.
|
|
|
It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field.
Updated packages are available now.
|
|
|
Nine vulnerabilities in Cisco IOS can now be solved by installing the latest patches.
|
|
|
Several potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. HP has provided Java version upgrades to resolve these vulnerabilities.
|
|
|
A potential security vulnerability has been identified with certain HP-UX WBEM components. The vulnerability could be exploited remotely in HP-UX 11.11 and HP-UX 11.23 to gain unauthorized access to diagnostic data. The vulnerability could be exploited locally in HP-UX 11.31 also to gain unauthorized access to diagnostic data. Patches are available now.
|
|
|
A potential security vulnerability has been identified with HP Performance Manager v9.00 running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute arbitrary code and to create a Denial-of-Service (DoS). HP has provided patches to resolve the vulnerability.
|
|
| System: | Various |
| Topic: | Vulnerabilities in HP OpenView Network Node Manager |
| Links: | HPSBMU02748, SSRT100772, ESB-2012.0323 |
| ID: | ae-201203-078 |
|
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache HTTP Server. The vulnerabilities could be exploited remotely resulting in unauthorized disclosure of information, unauthorized modification, or Denial-of-Service (DoS). HP has provided a hotfix to resolve the vulnerabilities.
|
|
|
The show_config_errors.php script did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. Upgrading to phpMyAdmin 3.4.10.2 or newer is recommended.
|
|
|
Updates address critical vulnerabilities in Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. So it's recommended to update as soon as possible.
|
|
|
Potential security vulnerabilities have been identified with HP OpenView
Network Node Manager running Apache Tomcat. The vulnerabilities could
be exploited remotely to create a Denial of Service (DoS).
Updated packages are available now.
|
|
|
A memory leak and a hash table collision flaw in expat could cause
denial of service (DoS) attacks.
Updated packages are available now.
|
|
|
A flaw was found in the way GnuTLS decrypted malformed TLS records. This
could cause a TLS/SSL client or server to crash when processing a
specially-crafted TLS record from a remote TLS/SSL connection peer.
A flaw was found in the way libtasn1 decoded DER data. An attacker could
create a carefully-crafted X.509 certificate that, when parsed by an
application that uses GnuTLS, could cause the application to crash.
A boundary error was found in the gnutls_session_get_data() function. A
malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,
possibly, execute arbitrary code as the client, if the client passed a
fixed-sized buffer to gnutls_session_get_data() before checking the real
size of the session data provided by the server.
Updated packages are available now.
|
|
|
Updated openssl packages that fix two security issues and one bug are now
available for Red Hat Enterprise Linux 5 and 6.
|
|
|
A flaw was found in the way libtasn1 decoded DER data. An attacker could
create carefully-crafted DER encoded input that,
when parsed by an application that uses libtasn1, could cause the application to crash.
Updated packages are available now.
|
|
|
It has been discovered that spoofed "getstatus" UDP requests are being
sent by attackers to servers for use with games derived from the
Quake 3 engine such as openarena. These servers respond with a
packet flood to the victim whose IP address was impersonated by the
attackers, causing a denial of service.
Updated packages are available now.
|
|
|
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation.
Updated packages are available now.
|
|
| System: | Red Hat Enterprise Linux |
| Topic: | Vulnerabilities in rhev-hypervisor6 |
| Links: | RHSA-2012-0422, CVE-2012-0841, CVE-2012-0444, CVE-2012-0207, CVE-2012-0045, CVE-2012-0038, CVE-2011-4622, CVE-2011-4611, CVE-2011-4594, CVE-2011-4347, CVE-2011-4132, CVE-2011-4081, CVE-2011-4077, ESB-2012.0316 |
| ID: | ae-201203-068 |
|
An updated rhev-hypervisor6 package that fixes two security issues and one
bug is now available.
|
|
|
A vulnerability was reported in Red Hat Enterprise Virtualization Manager.
A remote user can submit a REST API request with a specially crafted XML external entity that refers to file system resources
on the target user's system. When the entity is resolved by the target RESTEasy process,
the remote user can read files on the target system with the privileges of the application server process.
Updated packages are available now.
|
|
|
Quagga, a routing software suite, contains multiple vulnerabilities that result in a Denial-of-Service (DoS) condition. An upgrade to Quagga 0.99.20.1 either through the GIT master version or by applying a patch is recommended.
|
|
|
Multiple vulnerabilities have been found and corrected in openssl.
These vulnerabilities may lead to denial of service (DoS) attacks, or may allow context-dependent attackers to decrypt data via
a Million Message Attack (MMA).
Updated packages are available now.
|
|
|
It was discovered that GNUTLS does not properly handle truncated
GenericBlockCipher structures nested inside TLS records, leading to
crashes in applications using the GNUTLS library (DoS).
Updated packages are available now.
|
|
|
It was discovered that many callers of the asn1_get_length_der
function did not check the result against the overall buffer length
before processing it further. This could result in out-of-bounds
memory accesses and application crashes. Applications using GNUTLS
are exposed to this issue.
Updated packages are available now.
|
|
|
The file type identification tool, file, and its associated library,
libmagic, do not properly process malformed files in the Composite
Document File (CDF) format, leading to crashes.
Updated packages are available now.
|
|
|
libzip (version <= 0.10) uses an incorrect loop construct, which can result in a heap overflow on corrupted zip files.
This might allow access to sensitive information.
A directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via an encoded dot dot in a URI.
The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a Denial-of-Service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
Updated packages are available now.
|
|
|
Two vulnerabilities have been found in RealPlayer. They can be exploited by remote attackers to execute arbitrary code on a vulnerable system. User interaction is required because a file or a stream needs to be opened and decoded, respectively. RealNetworks has issued updates to correct these vulnerabilities.
|
|
|
Raptor is an RDF parser and serializer library. It allows file inclusion through XML entities, resulting in information
disclosure. Affected is software that is linked against Raptor, e.g. OpenOffice.org.
For some systems an update is available now.
|
|
|
IBM Tivoli Endpoint Manager is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
A remote attacker could exploit this vulnerability using the ScheduleParam parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. It's recommended that administrators upgrade to the latest version of Tivoli Endpoint Manager.
|
|
|
A number of security vulnerabilities have been identified in the management web interface of Citrix XenServer vSwitch Controller. These vulnerabilities affect all currently supported versions of vSwitch Controller prior to version 6.0.2.
These vulnerabilities have been addressed in a new version of the vSwitch Controller virtual appliance. Citrix recommends that customers using vSwitch Controller upgrade their virtual appliance to version 6.0.2.
|
|
|
A potential risk with CA ARCserve Backup for Windows has been found. A vulnerability exists that can allow a remote attacker to cause a Denial-of-Service (DoS) condition. CA Technologies has issued fixes to address the vulnerability.
|
|
|
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
They might allow remote execution of arbitrary code as well as a Cross-Site Scripting (XSS) attack.
Updated packages are available now.
|
|
|
The LG-Nortel ELO GS24M switch web management interface authentication can be bypassed by accessing URLs for configuration web pages directly. Web pages exist that can download the current device configuration, which also includes credentials in cleartext. So a remote unauthenticated attacker may be able to operate and configure the device with the permissions of an administrator.
This product is considered end-of-life by the vendor and is no longer supported. As a workaround appropriate firewall rules should be configured.
|
|
| System: | Several |
| Topic: | Vulnerabilities in IBM WebSphere Application Server |
| Links: | IBM swg21587015, CVE-2011-1376, CVE-2011-4889, CVE-2012-0193, CVE-2012-0716, CVE-2012-0717, CVE-2012-0720, X-Force #71230, X-Force #72581, X-Force #73748, X-Force #73479, X-Force #74044, ESB-2012.0302 |
| ID: | ae-201203-053 |
|
Several vulnerabilities have been found in IBM WebSphere Application Server.
Exploiting them might lead to remote unauthorized access, Cross-Site Scripting (XSS) or Denial-of-Service (DoS). If an attacker has an existing account, modification of arbitrary files is possible.
Please refer to the advisory regarding the availability of fixes.
|
|
|
Potential security vulnerabilities have been identified with HP Insight Control Software for Linux (IC-Linux). The vulnerabilities could be exploited remotely to execute arbitrary code or to create a Denial-of-Service (DoS).
HP has provided HP Insight Control Software for Linux (IC-Linux) v7.0 to resolve the vulnerabilities.
|
|
|
Several vulnerabilities have been found in DB2 products. Exploiting them might lead to remote Denial-of-Service (DoS) or increased privileges. Users with an existing account might access privileged data, too.
Fixes for these vulnerabilities are available for most affected and supported systems.
|
|
|
Two vulnerabilities have been found in the VLC media player. Using a crafted file, an attacker is able to crash the VLC media player. Arbitrary code execution could be possible on some systems. VLC media player 2.0.1 addresses this issue.
|
|
| System: | Microsoft Windows |
| Topic: | Vulnerabilities in RSA enVision 4.x |
| Links: | ESA-2012-014, CVE-2012-0399, CVE-2012-0400, CVE-2012-0401, CVE-2012-0402, CVE-2012-0403, X-Force #74136, X-Force #74137, X-Force #74138, X-Force #74139, X-Force #74140, ESB-2012.0296 |
| ID: | ae-201203-049 |
|
RSA, The Security Division of EMC, announces security fixes to address multiple vulnerabilities and provide enhancements in RSA enVision software.
An upgrade to RSA enVision 4.1 Patch 4 solves security problems like remote code execution, unauthorized access as well as Cross-Site Scripting (XSS). So this upgrade is recommended.
|
|
|
A heap-based buffer overflow flaw was found in the way libpng processes compressed chunks in PNG image files.
An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
For some systems updates are available.
|
|
|
JBoss Operations Network (JBoss ON) is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services.
An update for JBoss Operations Network 2.4.2 that fixes one security issue, as well as an update for JBoss Operations Network 3.0.1, which fixes multiple security vulnerabilities, is available now.
|
|
| System: | Debian GNU/Linux |
| Topic: | Vulnerabilities in nginx, gnash, and libapache2-mod-fcgid |
| Links: | DSA-2434, CVE-2012-1180, ESB-2012.0291, DSA-2435, CVE-2010-4337, CVE-2011-4328, CVE-2012-1175, ESB-2012.0292, DSA-2436, CVE-2012-1181, ESB-2012.0293 |
| ID: | ae-201203-046 |
|
A memory disclosure vulnerability has been found in nginx. In previous versions of this web server, an attacker can receive the content of previously freed memory if an upstream server returned a specially crafted HTTP response, potentially exposing sensitive information.
Several vulnerabilities have been identified in Gnash, the GNU Flash player. HTTP cookies are managed in an unsafe manner. They have predictable names, so attackers can overwrite arbitrary files the user of the browser has write access to. Besides this, using specially crafted SWF files may lead to a heap based buffer overflow when such a file is opened. Additionally, temporary files in /tmp are handled in an insecure manner, allowing write access.
The Apache FCGID module, a FastCGI implementation, doesn't properly enforce the FcgidMaxProcessesPerClass resource limit, rendering this control ineffective and potentially allowing a virtual host to consume excessive resources.
Updated packages are available now.
|
|
|
Cross-Site Scripting (XSS) and preconfigured password vulnerabilities have been reported to exist in the Quantum Scalar i500, Dell ML6000 and IBM TS3310 tape libraries. The preconfigured passwords for certain accounts are considered to be weak and could be exploited, giving an attacker user access. An attacker with access to a local user account or via a malicious URL can execute arbitrary code or commands on the vulnerable system.
Upgrades for affected firmware are available now.
|
|
|
Updates for VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX are available. They address several security issues, so an update is recommended.
|
|
|
The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on View virtual desktops. A Cross-Site scripting (XSS) vulnerability in View Manager Portal may allow a remote attacker to run scripts in the victim's browser. The attacker can trigger this vulnerability by supplying a crafted URL to the victim and convincing them to click on the link.
View 5.0 isn't affected; an upgrade to View 4.6.1 is recommended. If 4.0 is still in use, an upgrade is strongly recommended since a patch is not planned for this version.
|
|
|
The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin
before 2.10.2 allows remote attackers to cause a denial of service
by changing a nickname while in an XMPP chat room.
The msn_oim_report_to_user function in oim.c in the MSN protocol
plugin in libpurple in Pidgin before 2.10.2 allows remote attackers to
cause a denial of service via an OIM message that lacks UTF-8 encoding.
New packages are available.
|
|
|
A remote crash vulnerability in the Milliwatt application and a possibly
exploitable stack buffer overflow have been identified in Asterisk.
This may allow remote attackers to cause a denial of service (DoS) or execute arbitrary code.
A new patch is available for download.
|
|
|
An integer overflow flaw was found in the implementation of the printf
functions family. This could allow an attacker to bypass FORTIFY_SOURCE
protections and execute arbitrary code using a format string flaw in
an application.
New packages are available for download.
|
|
|
Multiple vulnerabilities in Iceweasel may allow remote attackers to execute arbitrary commands
with the application's privileges.
New packages are available for download.
|
|
|
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security
Appliances and Cisco Catalyst 6500 Series ASA Services Module have been identified.
Cisco has released free software updates that address these
vulnerabilities. Workarounds are available to mitigate some of the vulnerabilities.
|
|
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices,
and the Firewall Services Module in Cisco Catalyst 6500 series devices allow remote attackers
to cause a denial of service (DoS) via a crafted IPv4 PIM message, when multicast routing is enabled.
A new update is available.
|
|
|
Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx,
as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices,
allows remote attackers to execute arbitrary code via unspecified vectors.
A new update is available.
|
|
|
Updated thunderbird and firefox packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5 and 6.
|
|
|
Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability
to trigger hash collisions predictably, which allows remote attackers to cause a denial of service by sending many crafted
parameters.
A new update is available.
|
|
|
Two vulnerabilities have been identified in EMC Documentum eRoom, which can
be potentially exploited by malicious users to conduct session replay and
cross-site scripting attacks.
A new update is available.
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
Potential security vulnerabilities have been identified with HP Data Protector Express (DPX) 5.0 and 6.0. The vulnerabilities could be exploited remotely to create a Denial-of-Service (DoS) or to execute arbitrary code.
HP has provided upgrades to resolve these vulnerabilities.
|
|
|
A weakness in the OpenSSL CMS and PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA).
Only users of CMS, PKCS #7, or S/MIME decryption operations are affected. A successful attack needs on average 2^20 messages. In practice only automated systems will be affected as humans will not be willing to process this many messages. SSL/TLS applications are *NOT* affected by this problem since this code doesn't use the PKCS#7 or CMS decryption code.
Affected users should upgrade to OpenSSL 1.0.0h or 0.9.8u.
|
|
|
JBoss Enterprise SOA Platform 5.2.0 roll up patch 1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal.
|
|
|
Two format string vulnerabilities have been found in YAML::LibYAML, a Perl interface to the libyaml library. Updated packages are available now.
|
|
|
More than 80 vulnerabilities can be corrected now by installing Apple Safari 5.1.4. Exploiting the vulnerabilities might lead to reduced security, Cross-Site Scripting, Denial-of-Service as well as remote code execution and unauthorized access. So this update is recommended.
|
|
|
F-Secure Linux Security 9.10 and 9.11 are not the latest in the product line. In these versions, RedirFS based implementation of real-time (on-access) scanning in Linux Security product will not work on non-root filesystems. Not affected are other scanning mechanisms like manual scanning or commandline-only scanning.
It's strongly recommended to install version 9.12 or the corresponding hotfix.
|
|
|
Oracle (Sun) JRE can now be updated to version 1.5.0_32, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.
|
|
|
The vCenter Chargeback Manager (CBM) contains a flaw in its handling of XML API requests.
This vulnerability allows an unauthenticated remote attacker to download files from the CBM server or conduct a Denial-of-Service (DoS) against the server.
Updated software is available now.
|
|
|
Two format string vulnerabilities have been found in DBD::Pg, a Perl DBI driver for the PostgreSQL database server. They can be exploited by a rogue database server. Updated packages are available now.
|
|
|
A double free vulnerability in the Python interface to the PAM library might lead to a Denial-of-Service (DoS). Updated packages are available now.
|
|
|
A potential security vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in unauthorized disclosure of information.
HP has made a procedure available to resolve this vulnerability.
|
|
|
An invalid pointer read flaw has been found in the way SystemTap handles malformed debugging information in DWARF format. When SystemTap unprivileged mode is enabled, an unprivileged user in the stapusr group could use this flaw to crash the system or, potentially, read arbitrary kernel memory.
Updated packages are available now.
|
|
|
Apple TV 5.0 is now available and addresses an integer overflow in the handling of DNS resource records by the library libresolv.
|
|
|
More than 80 vulnerabilities can be corrected now by installing iOS 5.1 on iPad, iPhone, iPod and other devices. Exploiting the vulnerabilities might lead to reduced security, Cross-Site Scripting, Denial-of-Service as well as remote code execution and unauthorized access. So this update is recommended.
|
|
|
More than 70 vulnerabilities can be corrected now by installing iTunes 10.6. The vulnerabilities might lead to reduced security, Denial-of-Service as well as remote code execution. So this update is recommended.
|
|
|
Several vulnerabilities in Freetype's parsing of BDF, Type1 and TrueType fonts might result in the execution of arbitrary code if a malformed font file is processed.
Updated packages are available now.
Several security vulnerabilities were discovered in MySQL, a database management system. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.61, which includes additional changes, such as performance improvements and corrections for data loss defects.
|
|
|
SQLAlchemy is an Object Relational Mapper (ORM) that provides an interface to SQL databases.
It has been discovered that SQLAlchemy doesn't sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepts values for these keywords and doesn't filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application.
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.
A heap overflow flaw has been found in the way QEMU emulates the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash QEMU or, possibly, escalate their privileges on the host.
Updated packages address these issues.
|
|
|
All versions of RSA SecurID Software Token Converter contain a buffer overflow vulnerability that could allow a malicious user to cause a Denial-of-Service (DoS) or possibly execute arbitrary code on a system running the Token Converter. RSA strongly recommends that all customers using RSA SecurID Software Token Converter upgrade to version 2.6.1 which can be downloaded now.
|
|
|
Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6 and for Red Hat Enterprise Linux 5.6 Extended Update Support, respectively.
Since some of the vulnerabilities might lead to remote Denial-of-Service and other problems, updates are recommended.
|
|
| System: | Debian GNU/Linux |
| Topic: | Vulnerabilities in gimp and imagemagick |
| Links: | DSA-2426, CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543, CVE-2011-1782, CVE-2011-2896, ESB-2012.0246, DSA-2427, CVE-2012-0247, CVE-2012-0248, ESB-2012.0247 |
| ID: | ae-201203-007 |
|
GIMP is the GNU Image Manipulation Program. Because of several vulnerabilities remote attackers are able to execute arbitrary code on vulnerable systems as well as conduct a Denial-of-Service (DoS).
Two security vulnerabilities related to EXIF processing were discovered in ImageMagick, a suite of programs to manipulate images. Attackers with an existing account might be able to reduce security or to cause a DoS.
Updated packages are available now.
|
|
|
Updates address critical vulnerabilities in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.
Updates should be installed as soon as possible.
|
|
|
It has been discovered that the XML::Atom Perl module doesn't disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.
PLIB, a library used by TORCS, contains a buffer overflow in error message processing, which could allow remote
attackers to execute arbitrary code.
Updated packages are available now.
|
|
|
IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 ActiveX control (Isig.isigCtl.1) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the RunAndUploadFile() method. By persuading a victim to visit a specially-crafted Web page, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the victim's browser to crash.
It's also vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the GetAttachmentServlet, logon.do, register.do, addAsset.do, SoapServlet, or CallHomeExec servlets or via a specially-crafted EG2 file using various parameters, which could allow the attacker to view, add, modify or delete information in the back-end database.
There is no replacement for IBM Tivoli Provisioning Manager Express for Inventory (5724-N88) and IBM Tivoli Provisioning Manager Express for Software (5724-N89) Distribution. However, a follow-on product, IBM Tivoli Endpoint Manager for Lifecycle Management v8.1 (5725-C43), is available.
|
|
|
Several vulnerabilities were discovered in Movable Type, a blogging system.
Exploiting them might lead to command injection, Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks. It's recommended to install updated packages which are available now.
|
|
|
A buffer overflow vulnerability in the handling of WorkStation files (.ws) by IBM Personal Communications could allow a remote attacker to cause a Denial-of-Service (application crash) or potentially execute arbitrary code on vulnerable installations of IBM Personal Communications.
A fix is available now.
|
|
|
JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform.
It was found that JBoss Web doesn't handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values.
This Denial-of-Service (DoS) can be avoided by installing an update for JBoss Enterprise Portal Platform 4.3 CP07.
|
|