Vulnerabilities > CVE-2013-6954 - Denial of Service vulnerability in libpng 'png_read_transform_info()' Function NULL Pointer Dereference
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. Per: http://cwe.mitre.org/data/definitions/476.html "CWE-476: NULL Pointer Dereference"
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2014-4564.NASL description libpng 1.6.10 bug fix release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-04-03 plugin id 73315 published 2014-04-03 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73315 title Fedora 20 : mingw-libpng-1.6.10-1.fc20 (2014-4564) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-4564. # include("compat.inc"); if (description) { script_id(73315); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-6954", "CVE-2014-0333"); script_bugtraq_id(64493, 65776); script_xref(name:"FEDORA", value:"2014-4564"); script_name(english:"Fedora 20 : mingw-libpng-1.6.10-1.fc20 (2014-4564)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "libpng 1.6.10 bug fix release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1045561" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1070985" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131016.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?27fc0701" ); script_set_attribute( attribute:"solution", value:"Update the affected mingw-libpng package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-libpng"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"mingw-libpng-1.6.10-1.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-libpng"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0412.NASL description Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 73608 published 2014-04-18 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73608 title RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0412) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0412. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(73608); script_version("1.9"); script_cvs_date("Date: 2019/10/24 15:35:38"); script_cve_id("CVE-2013-6629", "CVE-2013-6954", "CVE-2014-0429", "CVE-2014-0432", "CVE-2014-0446", "CVE-2014-0448", "CVE-2014-0449", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2409", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2420", "CVE-2014-2421", "CVE-2014-2422", "CVE-2014-2423", "CVE-2014-2427", "CVE-2014-2428"); script_bugtraq_id(63676, 64493, 65568, 66856, 66866, 66870, 66873, 66877, 66879, 66881, 66883, 66887, 66891, 66893, 66894, 66897, 66898, 66899, 66902, 66903, 66904, 66905, 66907, 66909, 66910, 66911, 66912, 66914, 66915, 66916, 66917, 66918, 66919, 66920); script_xref(name:"RHSA", value:"2014:0412"); script_name(english:"RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0412)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-6629.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-6954.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0429.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0432.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0446.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0448.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0449.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0451.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0452.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0453.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0454.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0455.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0456.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0457.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0458.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0459.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0460.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0461.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-1876.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2397.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2398.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2401.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2402.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2403.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2409.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2412.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2413.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2414.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2420.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2421.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2422.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2423.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2427.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2428.html" ); # http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ef1fc2a6" ); script_set_attribute( attribute:"see_also", value:"http://rhn.redhat.com/errata/RHSA-2014-0412.html" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! ereg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-oracle-1.7.0.55-1jpp.2.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-1.7.0.55-1jpp.2.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-oracle-devel-1.7.0.55-1jpp.2.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-devel-1.7.0.55-1jpp.2.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-oracle-javafx-1.7.0.55-1jpp.2.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-javafx-1.7.0.55-1jpp.2.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.2.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.2.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-oracle-plugin-1.7.0.55-1jpp.2.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-plugin-1.7.0.55-1jpp.2.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-oracle-src-1.7.0.55-1jpp.2.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-src-1.7.0.55-1jpp.2.el5_10")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-1.7.0.55-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-1.7.0.55-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-devel-1.7.0.55-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-devel-1.7.0.55-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-javafx-1.7.0.55-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-javafx-1.7.0.55-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-plugin-1.7.0.55-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-plugin-1.7.0.55-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-src-1.7.0.55-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-src-1.7.0.55-1jpp.1.el6_5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-oracle / java-1.7.0-oracle-devel / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2014-6717.NASL description unhandled zero-length PLTE chunk or NULL palette (CVE-2013-6954) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-06-10 plugin id 74387 published 2014-06-10 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74387 title Fedora 19 : libpng-1.5.13-3.fc19 (2014-6717) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-772.NASL description This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 (bnc#887530) - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : - gstackbounds.patch - java-1.7.0-openjdk-ppc-zero-jdk.patch - java-1.7.0-openjdk-ppc-zero-hotspot.patch - Integrated in upstream icedtea - java-1.7.0-openjdk-makefiles-zero.patch - Does not apply on the AARCH64 tarball, since the change from DEFAULT and ZERO tarball to DEFAULT and AARCH64 - Upstream changes since 2.4.4 : - Security fixes - S8029755, CVE-2014-4209: Enhance subject class - S8030763: Validate global memory allocation - S8031340, CVE-2014-4264: Better TLS/EC management - S8031346, CVE-2014-4244: Enhance RSA key handling - S8031540: Introduce document horizon - S8032536: JVM resolves wrong method in some unusual cases - S8033055: Issues in 2d - S8033301, CVE-2014-4266: Build more informative InfoBuilder - S8034267: Probabilistic native crash - S8034272: Do not cram data into CRAM arrays - S8034985, CVE-2014-2483: Better form for Lambda Forms - S8035004, CVE-2014-4252: Provider provides less service - S8035009, CVE-2014-4218: Make Proxy representations consistent - S8035119, CVE-2014-4219: Fix exceptions to bytecode verification - S8035699, CVE-2014-4268: File choosers should be choosier - S8035788. CVE-2014-4221: Provide more consistency for lookups - S8035793, CVE-2014-4223: Maximum arity maxed out - S8036571: (process) Process process arguments carefully - S8036800: Attribute OOM to correct part of code - S8037046: Validate libraries to be loaded - S8037076, CVE-2014-2490: Check constant pool constants - S8037157: Verify <init> call - S8037162, CVE-2014-4263: More robust DH exchanges - S8037167, CVE-2014-4216: Better method signature resolution - S8039520, CVE-2014-4262: More atomicity of atomic updates - S8023046: Enhance splashscreen support - S8025005: Enhance CORBA initializations - S8025010, CVE-2014-2412: Enhance AWT contexts - S8025030, CVE-2014-2414: Enhance stream handling - S8025152, CVE-2014-0458: Enhance activation set up - S8026067: Enhance signed jar verification - S8026163, CVE-2014-2427: Enhance media provisioning - S8026188, CVE-2014-2423: Enhance envelope factory - S8026200: Enhance RowSet Factory - S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling - S8026736, CVE-2014-2398: Enhance Javadoc pages - S8026797, CVE-2014-0451: Enhance data transfers - S8026801, CVE-2014-0452: Enhance endpoint addressing - S8027766, CVE-2014-0453: Enhance RSA processing - S8027775: Enhance ICU code. - S8027841, CVE-2014-0429: Enhance pixel manipulations - S8028385: Enhance RowSet Factory - S8029282, CVE-2014-2403: Enhance CharInfo set up - S8029286: Enhance subject delegation - S8029699: Update Poller demo - S8029730: Improve audio device additions - S8029735: Enhance service mgmt natives - S8029740, CVE-2014-0446: Enhance handling of loggers - S8029745, CVE-2014-0454: Enhance algorithm checking - S8029750: Enhance LCMS color processing (in-tree LCMS) - S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) - S8029844, CVE-2014-0455: Enhance argument validation - S8029854, CVE-2014-2421: Enhance JPEG decodings - S8029858, CVE-2014-0456: Enhance array copies - S8030731, CVE-2014-0460: Improve name service robustness - S8031330: Refactor ObjectFactory - S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) - S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader - S8031395: Enhance LDAP processing - S8032686, CVE-2014-2413: Issues with method invoke - S8033618, CVE-2014-1876: Correct logging output - S8034926, CVE-2014-2397: Attribute classes properly - S8036794, CVE-2014-0461: Manage JavaScript instances - Backports - S5049299: (process) Use posix_spawn, not fork, on S10 to avoid swap exhaustion - S6571600: JNI use results in UnsatisfiedLinkError looking for libmawt.so - S7131153: GetDC called way too many times - causes bad performance. - S7190349: [macosx] Text (Label) is incorrectly drawn with a rotated g2d - S8001108: an attempt to use last seen 2020-06-05 modified 2014-12-16 plugin id 80045 published 2014-12-16 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80045 title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1645-1) NASL family Windows NASL id ORACLE_JROCKIT_CPU_APR_2014.NASL description The remote host has a version of Oracle JRockit that is reportedly affected by vulnerabilities in the following components : - 2D - AWT - Javadoc - JNDI - Libraries - Security last seen 2020-06-01 modified 2020-06-02 plugin id 73612 published 2014-04-18 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73612 title Oracle JRockit R27 < R27.8.2 / R28 < R28.3.2 Multiple Vulnerabilities (April 2014 CPU) NASL family Fedora Local Security Checks NASL id FEDORA_2014-1766.NASL description Adding patch CVE-2013-6954 (#1056856) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-02-12 plugin id 72445 published 2014-02-12 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72445 title Fedora 19 : libpng12-1.2.50-4.fc19 (2014-1766) NASL family Windows NASL id IBM_NOTES_9_0_1_FP2.NASL description The remote host has a version of IBM Notes (formerly Lotus Notes) 9.0.x prior to 9.0.1 Fix Pack 2 (FP2) installed. It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) last seen 2020-06-01 modified 2020-06-02 plugin id 77812 published 2014-09-23 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77812 title IBM Notes 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities NASL family Windows NASL id ORACLE_JAVA_CPU_APR_2014.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 8 Update 5, 7 Update 55, 6 Update 75, or 5 Update 65. It is, therefore, potentially affected by security issues in the following components : - 2D - AWT - Deployment - Hotspot - JAX-WS - JAXB - JAXP - JNDI - JavaFX - Javadoc - Libraries - Scripting - Security - Sound last seen 2020-06-01 modified 2020-06-02 plugin id 73570 published 2014-04-16 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73570 title Oracle Java SE Multiple Vulnerabilities (April 2014 CPU) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0413.NASL description Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 12th May 2014] The package list in this erratum has been updated to make the packages available in the Oracle Java for Red Hat Enterprise Linux 6 Workstation x86_64 channels on the Red Hat Network. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79010 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79010 title RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0413) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2923.NASL description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. last seen 2020-03-17 modified 2014-05-06 plugin id 73868 published 2014-05-06 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73868 title Debian DSA-2923-1 : openjdk-7 - security update NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_7_0-OPENJDK-140508.NASL description This java-1_7_0-openjdk update to version 2.4.7 fixes the following security and non-security issues : - Security fixes - S8023046: Enhance splashscreen support - S8025005: Enhance CORBA initializations - S8025010, CVE-2014-2412: Enhance AWT contexts - S8025030, CVE-2014-2414: Enhance stream handling - S8025152, CVE-2014-0458: Enhance activation set up - S8026067: Enhance signed jar verification - S8026163, CVE-2014-2427: Enhance media provisioning - S8026188, CVE-2014-2423: Enhance envelope factory - S8026200: Enhance RowSet Factory - S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling - S8026736, CVE-2014-2398: Enhance Javadoc pages - S8026797, CVE-2014-0451: Enhance data transfers - S8026801, CVE-2014-0452: Enhance endpoint addressing - S8027766, CVE-2014-0453: Enhance RSA processing - S8027775: Enhance ICU code. - S8027841, CVE-2014-0429: Enhance pixel manipulations - S8028385: Enhance RowSet Factory - S8029282, CVE-2014-2403: Enhance CharInfo set up - S8029286: Enhance subject delegation - S8029699: Update Poller demo - S8029730: Improve audio device additions - S8029735: Enhance service mgmt natives - S8029740, CVE-2014-0446: Enhance handling of loggers - S8029745, CVE-2014-0454: Enhance algorithm checking - S8029750: Enhance LCMS color processing (in-tree LCMS) - S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) - S8029844, CVE-2014-0455: Enhance argument validation - S8029854, CVE-2014-2421: Enhance JPEG decodings - S8029858, CVE-2014-0456: Enhance array copies - S8030731, CVE-2014-0460: Improve name service robustness - S8031330: Refactor ObjectFactory - S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) - S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader - S8031395: Enhance LDAP processing - S8032686, CVE-2014-2413: Issues with method invoke - S8033618, CVE-2014-1876: Correct logging output - S8034926, CVE-2014-2397: Attribute classes properly - S8036794, CVE-2014-0461: Manage JavaScript instances - Backports - S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes. - S8007625: race with nested repos in /common/bin/hgforest.sh - S8011178: improve common/bin/hgforest.sh python detection (MacOS) - S8011342: hgforest.sh : last seen 2020-06-05 modified 2014-05-14 plugin id 74007 published 2014-05-14 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74007 title SuSE 11.3 Security Update : OpenJDK (SAT Patch Number 9209) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-071.NASL description Updated libpng12 package fixes security vulnerabilities : The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c (CVE-2013-6954). An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. An attacker could create a specially crafted image file and render it with an application written to explicitly call png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application (CVE-2013-7353). An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. An attacker could create a specially crafted image file and render it with an application written to explicitly call png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application (CVE-2013-7354). last seen 2020-06-01 modified 2020-06-02 plugin id 82324 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82324 title Mandriva Linux Security Advisory : libpng12 (MDVSA-2015:071) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0414.NASL description Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 12th May 2014] The package list in this erratum has been updated to make the packages available in the Oracle Java for Red Hat Enterprise Linux 6 Workstation x86_64 channels on the Red Hat Network. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79011 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79011 title RHEL 5 / 6 : java-1.6.0-sun (RHSA-2014:0414) NASL family Fedora Local Security Checks NASL id FEDORA_2014-1754.NASL description This update fixes an issue in which an image with a missing or empty palette could cause a crash of a libpng10-using application (CVE-2013-6954). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-02-07 plugin id 72377 published 2014-02-07 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72377 title Fedora 19 : libpng10-1.0.60-6.fc19 (2014-1754) NASL family Misc. NASL id VMWARE_VCENTER_VMSA-2014-0008.NASL description The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities in third party libraries : - The bundled version of Apache Struts contains a code execution flaw. Note that 5.0 Update 3c only addresses this vulnerability. (CVE-2014-0114) - The bundled tc-server / Apache Tomcat contains multiple vulnerabilities. (CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050) - The bundled version of Oracle JRE is prior to 1.7.0_55 and thus is affected by multiple vulnerabilities. Note that this only affects version 5.5 of vCenter. last seen 2020-06-01 modified 2020-06-02 plugin id 77728 published 2014-09-17 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77728 title VMware Security Updates for vCenter Server (VMSA-2014-0008) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-59.NASL description This update fixes the following security issue with libpng : - unhandled zero-length PLTE chunk or NULL palette. (bnc#856522, CVE-2013-6954) last seen 2020-06-05 modified 2014-06-13 plugin id 75395 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75395 title openSUSE Security Update : libpng16 (openSUSE-SU-2014:0100-1) NASL family Fedora Local Security Checks NASL id FEDORA_2014-1803.NASL description Adding patch CVE-2013-6954 (#1056856) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-02-12 plugin id 72447 published 2014-02-12 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72447 title Fedora 20 : libpng15-1.5.17-2.fc20 (2014-1803) NASL family Windows NASL id IBM_DOMINO_9_0_1_FP2.NASL description The version of IBM Domino (formerly Lotus Domino) installed on the remote host is 9.0.x prior to 9.0.1 Fix Pack 2 (FP2). It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) last seen 2020-06-01 modified 2020-06-02 plugin id 77811 published 2014-09-23 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77811 title IBM Domino 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (credentialed check) (POODLE) NASL family Misc. NASL id ORACLE_JAVA_CPU_APR_2014_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 8 Update 5, 7 Update 55, 6 Update 75, or 5 Update 65. It is, therefore, potentially affected by security issues in the following components : - 2D - AWT - Deployment - Hotspot - JAX-WS - JAXB - JAXP - JNDI - JavaFX - Javadoc - Libraries - Scripting - Security - Sound last seen 2020-06-01 modified 2020-06-02 plugin id 73571 published 2014-04-16 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73571 title Oracle Java SE Multiple Vulnerabilities (April 2014 CPU) (Unix) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-035.NASL description Updated libpng and libpng12 packages fix security vulnerability : The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c (CVE-2013-6954). last seen 2020-06-01 modified 2020-06-02 plugin id 72550 published 2014-02-18 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72550 title Mandriva Linux Security Advisory : libpng (MDVSA-2014:035) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0486.NASL description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-0455, CVE-2014-2428, CVE-2014-0448, CVE-2014-0454, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2402, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0459, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7 release. All running instances of IBM Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 74005 published 2014-05-14 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74005 title RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2014:0486) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_6_0-IBM-140514.NASL description BM Java 6 was updated to version 6 SR16 to fix several security issues and various other bugs. More information can be found at: http://www.ibm.com/developerworks/java/jdk/alerts/ last seen 2020-06-05 modified 2014-06-03 plugin id 74284 published 2014-06-03 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74284 title SuSE 11.3 Security Update : IBM Java 6 (SAT Patch Number 9256) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0705.NASL description Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 7 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR1 release. All running instances of IBM Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76900 published 2014-07-30 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76900 title RHEL 7 : java-1.7.1-ibm (RHSA-2014:0705) NASL family Fedora Local Security Checks NASL id FEDORA_2014-6631.NASL description Fix CVE-2013-6954 (#1056853) and CVE-2014-0333 (#1070987) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-05-29 plugin id 74232 published 2014-05-29 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74232 title Fedora 20 : libpng-1.6.6-3.fc20 (2014-6631) NASL family Fedora Local Security Checks NASL id FEDORA_2014-1770.NASL description Adding CVE-2013-6954 patch Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-02-12 plugin id 72446 published 2014-02-12 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72446 title Fedora 20 : libpng12-1.2.50-6.fc20 (2014-1770) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-773.NASL description This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 (bnc#887530) - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : - gstackbounds.patch - java-1.7.0-openjdk-ppc-zero-jdk.patch - java-1.7.0-openjdk-ppc-zero-hotspot.patch - Integrated in upstream icedtea - java-1.7.0-openjdk-makefiles-zero.patch - Does not apply on the AARCH64 tarball, since the change from DEFAULT and ZERO tarball to DEFAULT and AARCH64 - Upstream changes since 2.4.4 : - Security fixes - S8029755, CVE-2014-4209: Enhance subject class - S8030763: Validate global memory allocation - S8031340, CVE-2014-4264: Better TLS/EC management - S8031346, CVE-2014-4244: Enhance RSA key handling - S8031540: Introduce document horizon - S8032536: JVM resolves wrong method in some unusual cases - S8033055: Issues in 2d - S8033301, CVE-2014-4266: Build more informative InfoBuilder - S8034267: Probabilistic native crash - S8034272: Do not cram data into CRAM arrays - S8034985, CVE-2014-2483: Better form for Lambda Forms - S8035004, CVE-2014-4252: Provider provides less service - S8035009, CVE-2014-4218: Make Proxy representations consistent - S8035119, CVE-2014-4219: Fix exceptions to bytecode verification - S8035699, CVE-2014-4268: File choosers should be choosier - S8035788. CVE-2014-4221: Provide more consistency for lookups - S8035793, CVE-2014-4223: Maximum arity maxed out - S8036571: (process) Process process arguments carefully - S8036800: Attribute OOM to correct part of code - S8037046: Validate libraries to be loaded - S8037076, CVE-2014-2490: Check constant pool constants - S8037157: Verify <init> call - S8037162, CVE-2014-4263: More robust DH exchanges - S8037167, CVE-2014-4216: Better method signature resolution - S8039520, CVE-2014-4262: More atomicity of atomic updates - S8023046: Enhance splashscreen support - S8025005: Enhance CORBA initializations - S8025010, CVE-2014-2412: Enhance AWT contexts - S8025030, CVE-2014-2414: Enhance stream handling - S8025152, CVE-2014-0458: Enhance activation set up - S8026067: Enhance signed jar verification - S8026163, CVE-2014-2427: Enhance media provisioning - S8026188, CVE-2014-2423: Enhance envelope factory - S8026200: Enhance RowSet Factory - S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling - S8026736, CVE-2014-2398: Enhance Javadoc pages - S8026797, CVE-2014-0451: Enhance data transfers - S8026801, CVE-2014-0452: Enhance endpoint addressing - S8027766, CVE-2014-0453: Enhance RSA processing - S8027775: Enhance ICU code. - S8027841, CVE-2014-0429: Enhance pixel manipulations - S8028385: Enhance RowSet Factory - S8029282, CVE-2014-2403: Enhance CharInfo set up - S8029286: Enhance subject delegation - S8029699: Update Poller demo - S8029730: Improve audio device additions - S8029735: Enhance service mgmt natives - S8029740, CVE-2014-0446: Enhance handling of loggers - S8029745, CVE-2014-0454: Enhance algorithm checking - S8029750: Enhance LCMS color processing (in-tree LCMS) - S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) - S8029844, CVE-2014-0455: Enhance argument validation - S8029854, CVE-2014-2421: Enhance JPEG decodings - S8029858, CVE-2014-0456: Enhance array copies - S8030731, CVE-2014-0460: Improve name service robustness - S8031330: Refactor ObjectFactory - S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) - S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader - S8031395: Enhance LDAP processing - S8032686, CVE-2014-2413: Issues with method invoke - S8033618, CVE-2014-1876: Correct logging output - S8034926, CVE-2014-2397: Attribute classes properly - S8036794, CVE-2014-0461: Manage JavaScript instances - Backports - S5049299: (process) Use posix_spawn, not fork, on S10 to avoid swap exhaustion - S6571600: JNI use results in UnsatisfiedLinkError looking for libmawt.so - S7131153: GetDC called way too many times - causes bad performance. - S7190349: [macosx] Text (Label) is incorrectly drawn with a rotated g2d - S8001108: an attempt to use last seen 2020-06-05 modified 2014-12-16 plugin id 80046 published 2014-12-16 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80046 title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201406-32.NASL description The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 76303 published 2014-06-30 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76303 title GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_7_0-IBM-140515.NASL description IBM Java 7 was updated to version SR7, which received security and bug fixes. More information is available at: http://www.ibm.com/developerworks/java/jdk/aix/j764/Java7_64.fixes.htm l#SR7 last seen 2020-06-05 modified 2014-06-01 plugin id 74254 published 2014-06-01 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74254 title SuSE 11.3 Security Update : IBM Java 7 (SAT Patch Number 9263) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0508.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-2428, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16 release. All running instances of IBM Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 74031 published 2014-05-16 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74031 title RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:0508) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0982.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4, 5.5, and 5.6. The Red Hat Security Response Team has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5, and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-0878, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) Users of Red Hat Network Satellite Server 5.4, 5.5, and 5.6 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ( last seen 2020-06-01 modified 2020-06-02 plugin id 79039 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79039 title RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2014:0982) NASL family Windows NASL id VMWARE_VCENTER_UPDATE_MGR_VMSA-2014-0008.NASL description The version of VMware vCenter Update Manager installed on the remote Windows host is 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities related to the bundled version of Oracle JRE prior to 1.7.0_55. last seen 2020-06-01 modified 2020-06-02 plugin id 77727 published 2014-09-17 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77727 title VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0008) NASL family Fedora Local Security Checks NASL id FEDORA_2014-1778.NASL description This update fixes an issue in which an image with a missing or empty palette could cause a crash of a libpng10-using application (CVE-2013-6954). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-02-07 plugin id 72378 published 2014-02-07 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72378 title Fedora 20 : libpng10-1.0.60-6.fc20 (2014-1778) NASL family Misc. NASL id DOMINO_9_0_1_FP2.NASL description According to its version, the IBM Domino (formerly IBM Lotus Domino) application on the remote host is 9.x prior to 9.0.1 Fix Pack 2 (FP2). It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note that this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) last seen 2020-06-01 modified 2020-06-02 plugin id 77810 published 2014-09-23 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77810 title IBM Domino 9.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (uncredentialed check) NASL family AIX Local Security Checks NASL id AIX_JAVA_APR2014_ADVISORY.NASL description The version of Java SDK installed on the remote host is potentially affected by the following vulnerabilities : - There is an information disclosure flaw in libjpeg and libjpeg-turbo allowing remote attackers access to uninitialized memory via crafted JPEG images. (CVE-2013-6629) - A vulnerability in libpng allows denial of service attacks via a flaw in pngtran.c pngset.c. (CVE-2013-6954) - Vulnerabilities in Oracle Java allow remote code execution via flaws in 2D image handling. (CVE-2014-0429, CVE-2014-2401, CVE-2014-2421) - A vulnerability in Oracle Java allows remote code execution via a flaw in logger handling. (CVE-2014-0446) - Vulnerabilities in Oracle Java allow remote code execution via flaws in the Deployment subcomponent. (CVE-2014-0448, CVE-2014-0449, CVE-2014-2409, CVE-2014-2420, CVE-2014-2428) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in AWT. (CVE-2014-0451, CVE-2014-2412) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in W3CEndpointReference.java. (CVE-2014-0452) - An information disclosure vulnerability in Oracle Java RSAPadding allows a remote attacker to view timing information protected by encryption. (CVE-2014-0452) - A vulnerability in Oracle Java allows a remote attacker to modify the SIGNATURE_PRIMITIVE_SET through flaws in SignatureAndHalshAlgorithm and AlgorithmChecker. (CVE-2014-0454) - A vulnerability in Oracle Java allows remote code execution via a flaw in MethodHandles.java. (CVE-2014-0455) - A vulnerability in Oracle Java allows remote code execution via a flaw in exception handling. (CVE-2014-0457) - Vulnerabilities in Oracle Java allow a remote attacker to bypass security features through flaws in JAX-WS. (CVE-2014-0458, CVE-2014-2423) - An unspecified vulnerability exists in Oracle Java via sandboxed applications. (CVE-2014-0459) - A vulnerability in Oracle Java allows remote attackers to conduct spoofing attacks via a flaw in the DnsClient component. (CVE-2014-0460) - A vulnerability in Oracle Java allows remote code execution via a flaw in ScriptEngineManager.java. (CVE-2014-0461) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in the random number generation of cryptographic protection. (CVE-2014-0878) - A privilege escalation vulnerability in Oracle Java allows remote attacks to overwrite arbitrary files via a flaw in unpack200. (CVE-2014-1876) - A vulnerability in Oracle Java allows remote code execution via a flaw in Javadoc. (CVE-2014-2398) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in asynchronous channel handling across threads. (CVE-2014-2402) - Vulnerabilities in Oracle Java allow a remote attacker to bypass security features through flaws in JAXB. (CVE-2014-2414) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in Java sound libraries. (CVE-2014-2427) last seen 2020-06-01 modified 2020-06-02 plugin id 76870 published 2014-07-28 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76870 title AIX Java Advisory : java_apr2014_advisory.asc
Redhat
| advisories |
| ||||||||
| rpms |
|
The Hacker News
| id | THN:F163E519BC7D66DC74B0794EF8746E50 |
| last seen | 2018-01-27 |
| modified | 2014-04-17 |
| published | 2014-04-16 |
| reporter | Wang Wei |
| source | https://thehackernews.com/2014/04/oracle-releases-critical-update-to.html |
| title | Oracle releases Critical Update to Patch 104 Vulnerabilities |
References
- http://advisories.mageia.org/MGASA-2014-0075.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://marc.info/?l=bugtraq&m=140852974709252&w=2
- http://secunia.com/advisories/58974
- http://secunia.com/advisories/59058
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c
- http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/
- http://www.kb.cert.org/vuls/id/650142
- http://www.libpng.org/pub/png/libpng.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:035
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www.securityfocus.com/bid/64493
- http://www-01.ibm.com/support/docview.wss?uid=swg21672080
- http://www-01.ibm.com/support/docview.wss?uid=swg21676746
- https://access.redhat.com/errata/RHSA-2014:0413
- https://access.redhat.com/errata/RHSA-2014:0414
- https://bugzilla.redhat.com/show_bug.cgi?id=1045561
- https://www.ibm.com/support/docview.wss?uid=swg21675973