
Unaffected

AST-2009-004: Remote Crash Vulnerability in RTP stack

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product            | Release Series |                       |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.2.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.4.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.6.x      | All 1.6.1 versions    |
   |-------------------------------+----------------+-----------------------|

AST-2009-007: ACL not respected on SIP INVITE

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product            | Release Series |                       |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.2.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.4.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.6.x      | All 1.6.1 versions    |
   |-------------------------------+----------------+-----------------------|

AST-2010-003: Invalid parsing of ACL rules can compromise security

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           | Release |                                 |
   |                            | Series  |                                 |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.2.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.4.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.6.x  | All 1.6.0, 1.6.1 and 1.6.2      |
   |                            |         | releases                        |

AST-2008-012: Remote crash vulnerability in IAX2

   |------------------------------------------------------------------------|
   |             Product             | Release Series |                     |
   |---------------------------------+----------------+---------------------|
   |      Asterisk Open Source       |     1.2.x      | 1.2.26-1.2.30.3     |
   |---------------------------------+----------------+---------------------|
   |      Asterisk Open Source       |     1.4.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |      Asterisk Open Source       |     1.6.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |         Asterisk Addons         |     1.2.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|

AST-2008-004: Format String Vulnerability in Logger and Manager

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           | Release |                                 |
   |                            | Series  |                                 |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.0.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.2.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.4.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|

AST-2007-022: Buffer overflows in voicemail when using IMAP storage

    |                           Affected Versions                            |
    |------------------------------------------------------------------------|
    |             Product              |   Release   |                       |
    |                                  |   Series    |                       |
    |----------------------------------+-------------+-----------------------|
    |       Asterisk Open Source       |    1.0.x    | Unaffected            |
    |----------------------------------+-------------+-----------------------|
    |       Asterisk Open Source       |    1.2.x    | Unaffected            |
    |----------------------------------+-------------+-----------------------|
    |       Asterisk Open Source       |    1.4.x    | All versions prior to |
    |                                  |             | 1.4.13                |

AST-2009-009: Cross-site AJAX request vulnerability

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           | Release |                                 |
   |                            | Series  |                                 |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.2.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.4.x  | All versions prior to 1.4.26.3  |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    | 1.6.0.x | All versions prior to 1.6.0.17  |
   |----------------------------+---------+---------------------------------|

AST-2007-023 - SQL Injection Vulnerability in cdr_addon_mysql

   |                      |             | asterisk-addons-1.2.8             |
   |----------------------+-------------+-----------------------------------|
   | Asterisk Open Source |    1.4.x    | All versions prior to             |
   |                      |             | asterisk-addons-1.4.4             |
   |----------------------+-------------+-----------------------------------|
   |  Asterisk Business   |    A.x.x    | Unaffected                        |
   |       Edition        |             |                                   |
   |----------------------+-------------+-----------------------------------|
   |  Asterisk Business   |    B.x.x    | Unaffected                        |
   |       Edition        |             |                                   |
   |----------------------+-------------+-----------------------------------|

AST-2008-002: Two buffer overflows in RTP Codec Payload Handling

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           | Release |                                 |
   |                            | Series  |                                 |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.0.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.2.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.4.x  | All versions prior to 1.4.18.1  |
   |                            |         | and 1.4.19-rc3                  |

AST-2008-001: Crash from transfer using BYE with Also header

    |                           Affected Versions                            |
    |------------------------------------------------------------------------|
    |          Product           |   Release   |                             |
    |                            |   Series    |                             |
    |----------------------------+-------------+-----------------------------|
    |    Asterisk Open Source    |    1.0.x    | Unaffected                  |
    |----------------------------+-------------+-----------------------------|
    |    Asterisk Open Source    |    1.2.x    | Unaffected                  |
    |----------------------------+-------------+-----------------------------|
    |    Asterisk Open Source    |    1.4.x    | All versions prior to       |
    |                            |             | 1.4.17                      |

AST-2009-008: SIP responses expose valid usernames

   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    | 1.6.0.x | All versions prior to 1.6.0.17  |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    | 1.6.1.x | All versions prior to 1.6.1.9   |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.2.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.4.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.6.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|

[ GLSA 201006-01 ] FreeType 1: User-assisted execution of arbitrary code

Affected packages
=================

    -------------------------------------------------------------------
     Package   /       Vulnerable       /                   Unaffected
    -------------------------------------------------------------------
  1  freetype     < 1.4_pre20080316-r2           >= 1.4_pre20080316-r2

Description
===========

RE: [ GLSA 201006-13 ] Smarty: Multiple vulnerabilities

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  dev-php/smarty      < 2.6.23                            >= 2.6.23

Description
===========

[ GLSA 201006-19 ] Bugzilla: Multiple vulnerabilities

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-apps/bugzilla       < 3.2.6                          >= 3.2.6

Description
===========

[ GLSA 201006-13 ] Smarty: Multiple vulnerabilities

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  dev-php/smarty      < 2.6.23                            >= 2.6.23

Description
===========

[ GLSA 201006-04 ] xine-lib: User-assisted execution of arbitrary code

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  media-libs/xine-lib     < 1.1.16.3                    >= 1.1.16.3

Description
===========

[ GLSA 201006-03 ] ImageMagick: User-assisted execution of arbitrary code

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  media-gfx/imagemagick      < 6.5.2.9                   >= 6.5.2.9

Description
===========

[ GLSA 201006-18 ] Oracle JRE/JDK: Multiple vulnerabilities

Affected packages
=================

    -------------------------------------------------------------------
     Package                            /  Vulnerable  /    Unaffected
    -------------------------------------------------------------------
  1  dev-java/sun-jre-bin                  < 1.6.0.20      >= 1.6.0.20
  2  dev-java/sun-jdk                      < 1.6.0.20      >= 1.6.0.20
  3  app-emulation/emul-linux-x86-java     < 1.6.0.20      >= 1.6.0.20
    -------------------------------------------------------------------

VMware Emulation Flaw x64 Guest Privilege Escalation (2/2)

VMware Server 1.0.8-Build 126538
(some fixes were silently released with VMSA-2008-0014, see:
 http://www.vmware.com/security/advisories/VMSA-2008-0014.html)


UNAFFECTED SOFTWARE
-------------------
VMware Player 2.5
VMware Server 2.0
VMware Workstation 6.5


VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)

VMware Workstation 6.0.5-Build 109488
(some fixes were silently released with VMSA-2008-0014, see:
 http://www.vmware.com/security/advisories/VMSA-2008-0014.html)


UNAFFECTED SOFTWARE
-------------------
VMware Player 2.5
VMware Server 2.0
VMware Workstation 6.5


Cisco Security Advisory: Cisco IOS MPLS VPN May Leak Information

Products Confirmed Not Vulnerable
+--------------------------------

Cisco products not configured for MPLS VPNs or VRF Lite are
unaffected by this vulnerability.

Cisco products that do not run IOS are unaffected by this
vulnerability.

Cisco IOS-XR is not affected.

[ GLSA 200807-01 ] Python: Multiple integer overflows

Affected packages
=================

    -------------------------------------------------------------------
     Package          /   Vulnerable   /                    Unaffected
    -------------------------------------------------------------------
  1  dev-lang/python      < 2.4.4-r13                     *>= 2.3.6-r6
                                                          >= 2.4.4-r13

Description

ERRATA: [ GLSA 200709-07 ] Eggdrop: Buffer overflow

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Errata
======

The unaffected ebuild, as reported in the original version of this 
Security Advisory, did not properly address all vulnerabilities.
All Eggdrop users should upgrade to net-irc/eggdrop-1.6.18-r3.


The corrected sections appear below.

[ GLSA 200801-07 ] Adobe Flash Player: Multiple vulnerabilities

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /   Vulnerable   /             Unaffected
    -------------------------------------------------------------------
  1  net-www/netscape-flash      < 9.0.115.0              >= 9.0.115.0

Description
===========

Re: [gentoo-announce] [ GLSA 200710-30 ] OpenSSL: Remote execution of arbitrary code

Sorry, but it seems that it is the other way around--vulnerable are
versions < 0.9.8f, unaffected versions >= 0.9.8f.

Regards, Steffan



On Tue, Oct 30, 2007, Pierre-Yves Rofes wrote:
>

RE: XSS vulnerability in Cisco MeetingPlace

code when receiving invalid input for the STPL and FTPL
parameters.  The error message is properly and securely formatted
per the XML CDATA specification.

All 5.4 and 6.0 versions of Cisco Unified MeetingPlace Web
Conferencing are unaffected by this vulnerability.

To determine the software version of a Cisco Unified MeetingPlace
Web Conferencing server, access the MP server home page via a HTTP
session; the version information is provided at the bottom of the
home page.  The following output shows an example of the text

[ GLSA 200909-06 ] aMule: Parameter injection

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  net-p2p/amule       < 2.2.5                              >= 2.2.5

Description
===========

[ GLSA 200908-03 ] libTIFF: User-assisted execution of arbitrary code

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  media-libs/tiff     < 3.8.2-r8                        >= 3.8.2-r8

Description
===========

NSFOCUS SA2009-02 : IBM DB2 JDBC Applet Server Remote DoS Vulnerability

==============

IBM DB2 Universal Database v8.1 Fixpak 15 (v8.2 Fixpak 8) and lower versions
IBM DB2 Universal Database v8.1 Fixpak 17a (v8.2 Fixpak 10a)

Unaffected system:
==============

IBM DB2 Universal Database v8.1 Fixpak 18

Impact: 

NSFOCUS SA2009-03 : Windows Kernel Malformed PE File Remote DoS Vulnerability

    Microsoft Windows 2000
    Microsoft Windows 2003
    Microsoft Windows Vista/SP1
    Microsoft Windows Server 2008

Unaffected system:
==============

   Microsoft Windows Vista SP2
   Microsoft Windows Server 2008 SP2



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.