CVE/2009/3720
CVE-2010-2059, CVE-2011-3378
--- COS samba ---
CVE-2010-0547, CVE-2010-0787, CVE-2011-1678,
CVE-2011-2522, CVE-2011-2694
--- COS python ---
CVE-2009-3720, CVE-2010-3493, CVE-2011-1015,
CVE-2011-1521
--- python library ---
CVE-2009-3560, CVE-2009-3720, CVE-2010-1634,
CVE-2010-2089, CVE-2011-1521
----------------------------------------------------------------------
===========================================================
Ubuntu Security Notice USN-890-6 April 15, 2010
cmake vulnerabilities
CVE-2009-3560, CVE-2009-3720
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
===========================================================
Ubuntu Security Notice USN-890-3 January 22, 2010
python2.4 vulnerabilities
CVE-2009-3560, CVE-2009-3720
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
===========================================================
Ubuntu Security Notice USN-890-5 February 18, 2010
xmlrpc-c vulnerabilities
CVE-2009-3560, CVE-2009-3720
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Packages : python2.4 python2.5
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2008-2316 CVE-2009-3560 CVE-2009-3720
Debian Bug : 493797 560912 560913
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy
in the interpreter for the Python language, does not properly process malformed or
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to disclose information, allow cross-site scripting (XSS), or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite.
References: CVE-2009-3560, CVE-2009-3720, CVE-2010-1623, CVE-2010-3718, CVE-2010-4476, CVE-2011-0013
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.14 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP-UX Apache Web Server Suite v2.32 or earlier
===========================================================
Ubuntu Security Notice USN-890-1 January 20, 2010
expat vulnerabilities
CVE-2009-2625, CVE-2009-3560, CVE-2009-3720
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Issue date: 2010-03-03
Updated on: 2010-03-03 (initial release of advisory)
CVE numbers: CVE-2009-2905 CVE-2008-4552 CVE-2008-4316
CVE-2009-1377 CVE-2009-1378 CVE-2009-1379
CVE-2009-1386 CVE-2009-1387 CVE-2009-0590
CVE-2009-4022 CVE-2009-3560 CVE-2009-3720
CVE-2009-2904 CVE-2009-3563 CVE-2009-2695
CVE-2009-2849 CVE-2009-2695 CVE-2009-2908
CVE-2009-3228 CVE-2009-3286 CVE-2009-3547
CVE-2009-3613 CVE-2009-3612 CVE-2009-3620
CVE-2009-3621 CVE-2009-3726 CVE-2008-3916
===========================================================
Ubuntu Security Notice USN-890-4 January 26, 2010
python-xml vulnerabilities
CVE-2009-3560, CVE-2009-3720
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
===========================================================
Ubuntu Security Notice USN-890-2 January 21, 2010
python2.5 vulnerabilities
CVE-2009-3560, CVE-2009-3720
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).
Additionally on 2009.0 a patch was added to prevent kompozer from
crashing (#44830), on 2009.1 a format string patch was added to make
it build with the -Wformat -Werror=format-security gcc optimization
switch added in 2009.1
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).
This update fixes this vulnerability.
Update:
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).
This update fixes this vulnerability.
Update:
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).
This update fixes this vulnerability.
Update:
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
as used in the XML-Twig module for Perl, allows context-dependent
attackers to cause a denial of service (application crash) via an
XML document with malformed UTF-8 sequences that trigger a buffer
over-read, related to the doProlog function in lib/xmlparse.c,
a different vulnerability than CVE-2009-2625 and CVE-2009-3720
(CVE-2009-3560).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
This update provides a solution to these vulnerabilities.
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
as used in the XML-Twig module for Perl, allows context-dependent
attackers to cause a denial of service (application crash) via an
XML document with malformed UTF-8 sequences that trigger a buffer
over-read, related to the doProlog function in lib/xmlparse.c,
a different vulnerability than CVE-2009-2625 and CVE-2009-3720
(CVE-2009-3560).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
This update provides a solution to these vulnerabilities.
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).
This update fixes this vulnerability.
Update:
Security issues in thunderbird could lead to a man-in-the-middle
attack via a spoofed X.509 certificate (CVE-2009-2408).
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).
This update provides the latest version of Thunderbird, which is not
vulnerable to these issues.
Update:
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).
This update fixes this vulnerability.
Update:
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
as used in the XML-Twig module for Perl, allows context-dependent
attackers to cause a denial of service (application crash) via an
XML document with malformed UTF-8 sequences that trigger a buffer
over-read, related to the doProlog function in lib/xmlparse.c,
a different vulnerability than CVE-2009-2625 and CVE-2009-3720
(CVE-2009-3560).
Packages for 2008.0 are being provided due to extended support for
Corporate products.
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).
This update fixes this vulnerability.
Update:
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
as used in the XML-Twig module for Perl, allows context-dependent
attackers to cause a denial of service (application crash) via an
XML document with malformed UTF-8 sequences that trigger a buffer
over-read, related to the doProlog function in lib/xmlparse.c,
a different vulnerability than CVE-2009-2625 and CVE-2009-3720
(CVE-2009-3560).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
This update provides a solution to these vulnerabilities.