| | are not vulnerable. | |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | Vulnerable; first | organization per the |
| 12.2EWA | fixed in Release | instructions in the |
| | 12.2SG | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2EX | 12.2(55)EX | 12.2(55)EX3 |
| 12.1YH | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.4T |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.1YI | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.1YJ | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | are not vulnerable. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2EWA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2EX | Not vulnerable | 12.2(55)EX3 |
| 12.2IRB | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SRC |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
|------------+--------------------------+---------------------------|
| 12.2CY | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2CZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+--------------------------+---------------------------|
| 12.2DA | Not Vulnerable | Not Vulnerable |
|------------+--------------------------+---------------------------|
| 12.2EW | Not vulnerable | including 12.2(20)EW4 |
| | | are not vulnerable. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2EWA | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2EX | Not vulnerable | 12.2(55)EX3 |
| 12.2EW | Not vulnerable | including 12.2(20)EW4 are |
| | | not vulnerable. |
|------------+------------------+----------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2EWA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+------------------+----------------------------|
| 12.2EX | Not vulnerable | 12.2(55)EX3 |
|------------+------------------+----------------------------|
| 12.2EW | vulnerable | 12.2(20)EW4 are not |
| | | vulnerable. |
|------------+--------------+--------------------------------|
| | | Vulnerable; contact your |
| | Not | support organization per the |
| 12.2EWA | vulnerable | instructions in the Obtaining |
| | | Fixed Software section of this |
| | | advisory. |
|------------+--------------+--------------------------------|
| 12.2EX | Not | 12.2(55)EX3 |
| | vulnerable | |
exploitation of these flaws on x64 versions of Linux.
VULNERABILITY DETAILS
---------------------
This document describes two x64 instruction emulation flaws,
discovered by the author in the aforementioned versions of VMware
products, which allow user-mode code to cause an illegitimate
kernel-mode exception inside the virtual machine. If the guest
operating system kernel is not written to safely handle such an
exception, it may be possible for user-mode code to interfere with
| 12.2EW | Not vulnerable | 12.2(20)EW4 are not |
| | | vulnerable. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2EWA | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2EX | 12.2(55)EX3 | 12.2(55)EX3 |
|------------+----------------+------------------------------|
| | | release 12.3(8)JEB2 and |
| | | later are not vulnerable |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.3JEC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.4 | Not Vulnerable | |
| | | 15.0(1)M1 |
|------------+---------------------------+---------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.4GC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+---------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
versions of Linux.
VULNERABILITY DETAILS
---------------------
This document describes the first of two x64 instruction emulation
flaws, discovered by the author in the aforementioned versions of
VMware products, which allow user-mode code to cause an illegitimate
kernel-mode exception inside the virtual machine. If the guest
operating system kernel is not written to safely handle such an
exception, it may be possible for user-mode code to interfere with
| 12.2YF | Not Vulnerable | |
|------------+---------------------------------------+--------------|
| 12.2YG | Not Vulnerable | |
|------------+---------------------------------------+--------------|
| | Vulnerable; Contact your support | |
| 12.2YH | organization per the instructions in | |
| | Obtaining Fixed Software section of | |
| | this advisory | |
|------------+---------------------------------------+--------------|
| | Vulnerable; Contact your support | |
| 12.2YJ | organization per the instructions in | |
RESOLUTION
HP has provided firmware updates and preliminary firmware updates to resolve this vulnerability. The firmware updates and preliminary firmware updates are available as described below.
Note: Each firmware update has instructions for finding the firmware version installed on the product.
Product
Resolved in Firmware Version
HP LaserJet 4345mfp
+ encode_int can generate; it is sufficient for creating buffers for
+ it to write into. This assumes that integers are at most 64 bits,
+ and so 10 bytes (with 7 bits of information each) are sufficient to
+ represent them. */
+#define MAX_ENCODED_INT_LEN 10
+/* This is at least as big as the largest size for a single instruction. */
+#define MAX_INSTRUCTION_LEN (2*MAX_ENCODED_INT_LEN+1)
+/* This is at least as big as the largest possible instructions
+ section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE
+ 1-byte copy-from-source instructions (though this is very unlikely). */
+#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZE*MAX_INSTRUCTION_LEN)
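Review bot: the 64-bit limit that MAX_ENCODED_INT_LEN depends on is stated only in the comment above the define, and nothing in these lines enforces it. MAX_INSTRUCTION_LEN and MAX_INSTRUCTION_SECTION_LEN are both derived from that constant, so if encode_int is ever handed a wider integer type, every buffer sized from these macros becomes too small at once. Consider a compile-time check on the width of the integer type next to `#define MAX_ENCODED_INT_LEN 10`. It would also help to say in the comment on MAX_INSTRUCTION_LEN what the `2*` and `+1` terms stand for, so the bound can be rechecked if the instruction format changes.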
| 12.4XK | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
|------------+----------------------+-------------------------------|
| | | Vulnerable; Contact your |
| | | support organization per the |
| 12.4XL | Not Vulnerable | instructions in Obtaining |
| | | Fixed Software section of |
| | | this advisory |
|------------+----------------------+-------------------------------|
| 12.4XM | Not Vulnerable | Vulnerable; first fixed in |
| | | 12.4T |
version are encouraged to upgrade to Cisco Secure Desktop version
3.5.841.
Customers with active software licenses for Cisco Secure Desktop
versions 3.0 and 3.1 should send email to the following address for
instructions on migrating to non-vulnerable software:
csd-activex-inquiry@cisco.com
Workarounds
===========
understood in programming, the TrueType hinting language does offer the
other prerequisites of programming languages: conditional branching (IF
statements), looping an arbitrary number of times (FOR- and WHILE-type
statements), variables (although these are simply numbered slots in an
area of memory reserved by the font), and encapsulation of code into
functions. Special instructions called "delta hints" are the lowest level
control, moving a control point at just one pixel size."
There are two instructions for writing values to the Control Value Table
(CVT) which holds global variables that can be used by multiple glyphs.
One of these functions does not perform sufficient validation on the
allows you to set up your own online webshop within minutes. FWS is
written in the popular language PHP and uses a MySQL database. It is
designed to provide you with all the features you need from a webshop.
------------------------------------------------------------------------
Insecure installation instructions
------------------------------------------------------------------------
Besides changing the default password for the admin user and removing
the install.php script, no specific instructions are provided to secure
the installation of FWS. The manual assumes that FWS is installed on a
LAMP server (Linux, Apache, MySQL & PHP). If the ZIP archive is
| | | 23-OCT-2009 |
|------------+---------------------------------------+--------------|
| 12.4XN | Not Vulnerable | |
|------------+---------------------------------------+--------------|
| | Vulnerable; Contact your support | |
| 12.4XP | organization per the instructions in | |
| | Obtaining Fixed Software section of | |
| | this advisory | |
|------------+---------------------------------------+--------------|
| 12.4XQ | Not Vulnerable | |
|------------+---------------------------------------+--------------|
--[ Vulnerabilities overview:
When fed with an html page featuring a very large SIZE parameter
in the SELECT tag, Opera deterministically segfaults on the
following instruction:
Program received signal SIGSEGV, Segmentation fault.
-----------------------------------------------------------------[regs]
eax:00000000 ebx:786C7FF8 ecx:0000001D edx:00000008 eflags:00010206
esi:5E063FF8 edi:00368084 esp:BFE5672C ebp:BFE56738 eip:080BACEB
| 12.2IRA | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 |
|------------+---------------------------------------+--------------|
| 12.2IRB | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 |
|------------+---------------------------------------+--------------|
| | Vulnerable; Contact your support | |
| 12.2IRC | organization per the instructions in | |
| | Obtaining Fixed Software section of | |
| | this advisory | |
|------------+---------------------------------------+--------------|
| 12.2IXA | Not Vulnerable | |
|------------+---------------------------------------+--------------|
configuration setting in Microsoft Windows. This method is called
setting the kill bit for the DLL. Once set, this method prevents
atucfobj.dll from loading, which prevents exploitation of the
vulnerability.
Instructions for setting the kill bit in Microsoft Windows are
available at the following location:
http://support.microsoft.com/kb/240797
Setting the kill bit for atucfobj.dll will persist even after a fixed
RESOLUTION
HP has provided firmware updates and preliminary firmware updates to resolve this vulnerability. The firmware updates and preliminary firmware updates are available as described below.
Note: Each firmware update has instructions for finding the firmware version installed on the product.
Product
Resolved in Firmware Version
HP LaserJet P3005
ciscocm.CSCso53771.security.patch.cop and can be downloaded at the
following link:
http://www.cisco.com/cgi-bin/tablebuild.pl/callmgr-utilpage?psrtdcat20e2
Please consult the COP file Readme for installation instructions.
Workarounds
===========
Administrators can mitigate this vulnerability by disabling the DRF