applying
and you need to take no action. If your product is not configured
for automatic updates, then you simply need to run the update
utility included with your product.
CA Network and Systems Management (NSM) (formerly Unicenter
Network and Systems Management) r3.0: apply fix # RO11964.
CA Network and Systems Management (NSM) (formerly Unicenter
Network and Systems Management) r3.1: apply fix # RO11964.
CA Network and Systems Management (NSM) (formerly Unicenter
and you need to take no action. If your product is not configured
for automatic updates, then you simply need to run the update
utility included with your product.
CA Network and Systems Management (NSM) r11.1 SP1, and CA Common
Services (CCS) r11.1 SP1: apply fix #RO05417.
CA Common Services (CCS) r3.1: apply fix #RO05418.
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1:
apply fix #RO01955.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.0       Windows  Update 1
VirtualCenter  2.5       Windows  affected, patch pending
VirtualCenter  2.0.2     Windows  affected, patch pending
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  affected, no patch planned
versions.
Cisco has released free updated software for most supported releases.
A security patch file is also available for all supported versions
that will remediate this issue. The patch may be applied to active
systems without requiring a reload. Customers are advised to apply a
fixed version or upgrade to a fixed train. Customers who need to stay
on a version for which updated software is not currently available or
who cannot immediately apply the update are advised to apply the
patch.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
Windows handles file names. The affected software is the Windows version
of the following web servers:
. Nginx Web Server [1]. The way Nginx handles files may differ when
they are requested using their 8.3 alias, and short file or path names
are not correctly handled when applying file handling rules or access
restrictions. By abusing these flaws an attacker can bypass security
options implemented in the web server. For instance, 'file.shtml' will
become 'FILE~1.SHT'. This will cause the file to be handled as a '.sht'
file, not a '.shtml' file. The result of this is that instead of
processing SSI directives as would normally be the case with a '.shtml'
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
Workstation    6.5.x     any      6.5.1 build 126130 or later
Workstation    6.0.x     any      upgrade to at least 6.5.1
This vulnerability impacts only Linux and HP platforms.
Status and Recommendation:
The most prudent course of action for affected customers is to
download and apply the corrective maintenance. However, updates
are provided only for the following releases: 2.6 and r3
Important: Customers using products that embed an earlier version
of Ingres r3 should upgrade Ingres to the release that is
currently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX
has assigned the names CVE-2008-3691, CVE-2008-3692,
CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, and
CVE-2008-3696 to the security issues with VMware ActiveX controls.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
Workstation    6.x       Windows  6.0.5 build 109488 or later
Workstation    6.x       Linux    not affected
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5671 to this issue.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
Workstation    6.x       Windows  not affected
Workstation    6.x       Linux    not affected
Workstation    5.x       Windows  5.5.6 build 80404 or later
Workstation    5.x       Linux    5.5.6 build 80404 or later
The following table lists what action remediates the vulnerability
(column 4) if a solution is available. See above for remediation
details.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
Workstation    7.x       any      not affected
Workstation    6.5.x     any      6.5.4 build 246459 or later
File MD5 Sum - 0f1dcdabd534691a108bd4de56c17385
MANUAL ACTIONS: Yes - NonUpdate
Apply the appropriate file as described in the Resolution.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
Archive File MD5 Sum - 8a5ad60f2e2679a55051d761a7ca894a
MANUAL ACTIONS: Yes - NonUpdate
Apply the appropriate archive as described in the Resolution.
Archive File - SSRT080024_NNM7.01.zip
Archive File MD5 Sum - b850bb0049ec13090304b7a05b0bc38c
MANUAL ACTIONS: Yes - NonUpdate
Apply the appropriate archive as described in the Resolution.
Archive File MD5 Sum - 5165a25b88a9229b1cdc8f3b57a20ecd
MANUAL ACTIONS: Yes - NonUpdate
Apply the appropriate archive as described in the Resolution.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
Matt Lewis, Google.
Patches:
========
This patch applies to Subversion 1.6.x (apply with patch -p0 < patchfile):
[[[
Index: subversion/libsvn_delta/svndiff.c
===================================================================
--- subversion/libsvn_delta/svndiff.c (revision 38519)
Windows
NNM_01201 or subsequent
OV NNM v7.51
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v7.53 are available using ftp:
Host
Account
Password
Windows
NNM_01197 or subsequent
OV NNM v7.51
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v7.53 are available using ftp:
Host
Account
Password
Windows
NNM_01198 or subsequent
OV NNM v7.51
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v7.53 are available using ftp:
Host
Account
Password
Windows
NNM_01203 or subsequent
OV NNM v7.51
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v7.53 are available using ftp:
Host
Account
Password
Status and Recommendation:
CA has provided updates to address the vulnerabilities.
CA ARCserve Backup for Laptops and Desktops (BMB) r4.0:
Apply QO91013.
CA ARCserve Backup for Laptops and Desktops 11.1:
Apply QO91014.
CA Desktop Management Suite 11.1:
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted*        any       any      not affected
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product *      Version   on       Apply Patch **
=============  ========  =======  =================
vCenter        any       Windows  not affected
Workstation    8.x       any      not affected
Moritz Naumann discovered that Horde allows remote attackers
to inject arbitrary web script or HTML in the context of a logged-in
user (cross-site scripting).
This vulnerability applies to oldstable (sarge) only.
CVE-2006-3549
Moritz Naumann discovered that Horde does not properly restrict
its image proxy, allowing remote attackers to use the server as a
to crash. This causes a service outage for all clients connected to that
AP. The AP recovers automatically by restarting. An attacker could
however cause a prolonged DoS condition by flooding the WLAN with
malicious probe request frames.
This vulnerability applies equally to both encrypted and unencrypted
WLANs. This vulnerability does not affect wired devices connected to the
Aruba Mobility Controller.
CVSS v2 BASE METRIC SCORE: 6.1 (AV:A/AC:L/Au:N/C:N/I:N/A:C)
An unauthenticated attacker can run arbitrary system commands on the
device as root user. This could lead to a full compromise of the device's
operating system.
This vulnerability applies only to the Aruba Remote Access Point and other
Aruba devices are not affected.
CVSS v2 BASE METRIC SCORE: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)