Summary
=======
An industry-wide vulnerability exists in the Transport Layer Security
(TLS) protocol that could impact any Cisco product that uses any version
of TLS and SSL. The vulnerability exists in how the protocol handles
session renegotiation and exposes users to a potential man-in-the-middle
attack.
This advisory is posted at
To obtain HP StorageWorks 1/8 G2 Tape Autoloader, MSL2024, MSL4048, and MSL8096 library firmware files, follow these steps:
Go to http://www.hp.com/support/storage
Select the appropriate product from the list and follow the instructions from the web page.
Note: In case of problems finding the appropriate product or firmware, use the Product Search function from http://www.hp.com/support/downloads
Alternatively, firmware files are available through the HP StorageWorks Library and Tape Tools diagnostic: http://www.hp.com/support/tapetools
Product
RESOLUTION
HP has provided firmware updates and preliminary firmware updates to resolve this vulnerability. The firmware updates and preliminary firmware updates are available as described below.
Note: Each firmware update has instructions for finding the firmware version installed on the product.
Product
Resolved in Firmware Version
HP LaserJet 4345mfp
8. *Technical Description / Proof of Concept Code*
Internet Explorer uses a feature known as URL Security Zones [2], which
defines a set of privileges for Web sites and applications depending on
their apparent level of trustworthiness. The zones available in the
product include:
. *Internet Zone:* For Web sites on the Internet that do not belong
to another zone.
. *Local Intranet Zone:* For content located on an organization's
intranet.
http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml
* Cisco IOS Software WebVPN and SSLVPN Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml
Affected Products
=================
Vulnerable Products
+------------------
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0016
Synopsis: VMware Hosted products, VirtualCenter Update 3 and
patches for ESX and ESXi resolve multiple security issues
Issue date: 2008-10-03
Updated on: 2008-10-03 (initial release of advisory)
CVE numbers: CVE-2008-4279 CVE-2008-4278 CVE-2008-3103
CVE-2008-3104 CVE-2008-3105 CVE-2008-3106
identified in this advisory is CVSS v2 Base Score: 4
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Affected Products:
* RSA enVision versions prior to 3.7 SP1
Unaffected Products:
Effective May 2010, VMware's patch and update release program during
Extended Support will be continued with the condition that all
subsequent patch and update releases will be based on the latest
baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,
ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section
"End of Product Availability FAQs" at
http://www.vmware.com/support/policies/lifecycle/vi/faq.html for
details.
Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan
to upgrade to at least ESX 3.5 and preferably to the newest release
RSA Access Manager Server contains a potential vulnerability due to improper input handling that could be exploited by malicious people to gain unauthorized access to protected resources.
Affected Products:
RSA Access Manager Server version 5.5.x
RSA Access Manager Server version 6.0.x
RSA Access Manager Server version 6.1.x
CVE Identifier: CVE-2011-1422
Affected Products:
Adaptive Authentication (On-Premise) versions 2.x, 5.7.x and 6.x may be impacted.
A potential cross-site scripting vulnerability due to improper input validation that could be exploited in certain situations has been identified in RSA DLP Enterprise Manager versions 8.x.
Affected Products:
RSA DLP Enterprise Manager Versions 8.x may be impacted.
Obtaining Downloads:
To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link.
Obtaining Documentation:
RSA, The Security Division of EMC, announces security fixes to address two security vulnerabilities in RSA enVision®.
Affected Products:
RSA enVision 4.x
RSA enVision 3.x
The Common Vulnerability Scoring System (CVSS) Base Score for the item identified by CVE-2011-2740 in this advisory is: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C). See Oracle Advisory for the details of CPU Update July 2011. RSA recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
Affected Products:
RSA Key Manager Appliance 2.7 Service Pack 1
The code signing feature verifies that firmware updates are properly signed. This will prevent the installation of invalid firmware updates.
The following table lists the availability of RFU disabling and code signing.
Product
RFU Can Be Disabled
Code Signing Firmware Available
HP LaserJet Enterprise 500 color M551
Yes
RSA, The Security Division of EMC, announces security fixes to address a security vulnerability and provide an enhancement in RSA enVision®.
Affected Products:
RSA enVision 4.x
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following updated product kit available to resolve the vulnerabilities. The HP IC-Linux v6.0 product kit is available as described below.
The product kit is HP_Insight_Control_for_Linux_V6.00_TC208_11001.iso which can be downloaded from here: https://h20392.www2.hp.com/portal/swdepot/try.do?productNumber=HPICELX
The product kit can also be obtained by going to http://www.hp.com/go/ice-lx
RESOLUTION
HP has provided firmware updates to resolve this vulnerability. The firmware updates are available from http://www.hp.com
Product                                        Resolved in Firmware Version
HP Color LaserJet M3530 Multifunction Printer  53.031.4 or subsequent
Please see http://kb.vmware.com/kb/1011786 for details.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
has assigned the name CVE-2008-5077 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
has assigned the name CVE-2008-4914 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
validation by the database engine service. An attacker can make a
request that will crash the service. The fourth vulnerability,
CVE-2008-4400, occurs due to insufficient validation of
authentication credentials. An attacker can make a request that
will crash multiple services. Note that these issues only affect
the base product.
Mitigating Factors: None
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3108 and CVE-2007-5135 to the issues
addressed by this update.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  affected, patch pending
hosted *       any       any      for patch info see VMSA-2008-0005
References: CVE-2010-3287, HP PR57775, PR57777, PR57778, PR57779, PR57780, PR57781, PR57978, PR58030
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP ProCurve Product
Affected Software Versions
v5.4.0 and earlier
v5.3.5 and earlier
v5.2.7 and earlier
v5.1.9 and earlier
independently reporting this issue to VMware.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
Workstation    7.x       any      7.1.2 build 301548 or later *
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected