ID de Prueba:	1.3.6.1.4.1.25623.1.0.103468
Categoría:	VMware Local Security Checks
Título:	VMware ESXi utilities and ESX Service Console third party updates (VMSA-2010-0009)
Resumen:	The remote ESXi is missing one or more security related Updates from VMSA-2010-0009.
Descripción:	Summary: The remote ESXi is missing one or more security related Updates from VMSA-2010-0009. Vulnerability Insight: ESXi update for ntp and ESX Console OS (COS) updates for COS kernel, openssl, krb5, gcc, bind, gzip, sudo resolve multiple security issues: a. Service Console update for COS kernel Updated COS package 'kernel' addresses the security issues that are fixed through versions 2.6.18-164.11.1. b. ESXi userworld update for ntp A vulnerability in ntpd could allow a remote attacker to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. c. Service Console package openssl updated to 0.9.8e-12.el5_4.1 A memory leak in the zlib could allow a remote attacker to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function. d. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to 2.2.14-15. Multiple integer underflows in the AES and RC4 functionality in the crypto library could allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. e. Service Console package bind updated to 9.3.6-4.P1.el5_4.2 A vulnerability was discovered which could allow remote attacker to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. f. Service Console package gcc updated to 3.2.3-60 GNU Libtool's ltdl.c attempts to open .la library files in the current working directory. This could allow a local user to gain privileges via a Trojan horse file. The GNU C Compiler collection (gcc) provided in ESX contains a statically linked version of the vulnerable code, and is being replaced. g. Service Console package gzip update to 1.3.3-15.rhel3 An integer underflow in gzip's unlzw function on 64-bit platforms may allow a remote attacker to trigger an array index error leading to a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW compressed file. h. Service Console package sudo updated to 1.6.9p17-6.el5_4 When a pseudo-command is enabled, sudo permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file. Affected Software/OS: VMware ESXi 4.0.0 without patch ESXi400-201005401-SG VMware ESX 4.0.0 without patches ESX400-201005401-SG, ESX400-201005406-SG, ESX400-201005408-SG, ESX400-201005407-SG, ESX400-201005405-SG, ESX400-201005409-SG VMware ESX 3.5 without patches ESX350-201006408-SG, ESX350-201006405-SG, ESX350-201006406-SG Solution: Apply the missing patch(es). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2695 BugTraq ID: 36051 http://www.securityfocus.com/bid/36051 Debian Security Information: DSA-2005 (Google Search) http://www.debian.org/security/2010/dsa-2005 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html http://twitter.com/spendergrsec/statuses/3303390960 http://www.openwall.com/lists/oss-security/2009/08/17/4 http://lists.vmware.com/pipermail/security-announce/2010/000082.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7144 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9882 RedHat Security Advisories: RHSA-2009:1540 https://rhn.redhat.com/errata/RHSA-2009-1540.html RedHat Security Advisories: RHSA-2009:1548 https://rhn.redhat.com/errata/RHSA-2009-1548.html http://www.redhat.com/support/errata/RHSA-2009-1672.html http://secunia.com/advisories/36501 http://secunia.com/advisories/37105 http://secunia.com/advisories/38794 http://secunia.com/advisories/38834 http://www.ubuntu.com/usn/USN-852-1 http://www.vupen.com/english/advisories/2010/0528 Common Vulnerability Exposure (CVE) ID: CVE-2009-2908 36639 http://www.securityfocus.com/bid/36639 37075 http://secunia.com/advisories/37075 37105 38794 38834 ADV-2010-0528 FEDORA-2009-10525 https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html RHSA-2009:1548 USN-852-1 [oss-security] 20091006 Kernel ecryptfs CVE id (CVE-2009-2908) http://www.openwall.com/lists/oss-security/2009/10/06/1 [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git%3Ba=commit%3Bh=afc2b6932f48f200736d3e36ad66fee0ec733136 https://bugs.launchpad.net/ecryptfs/+bug/387073 https://bugzilla.redhat.com/show_bug.cgi?id=527534 kernel-ecryptfs-dos(53693) https://exchange.xforce.ibmcloud.com/vulnerabilities/53693 oval:org.mitre.oval:def:10216 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10216 oval:org.mitre.oval:def:6992 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6992 Common Vulnerability Exposure (CVE) ID: CVE-2009-3228 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 http://www.openwall.com/lists/oss-security/2009/09/03/1 http://www.openwall.com/lists/oss-security/2009/09/05/2 http://www.openwall.com/lists/oss-security/2009/09/06/2 http://www.openwall.com/lists/oss-security/2009/09/07/2 http://www.openwall.com/lists/oss-security/2009/09/17/1 http://www.openwall.com/lists/oss-security/2009/09/17/9 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6757 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9409 http://www.redhat.com/support/errata/RHSA-2009-1522.html http://www.securitytracker.com/id?1023073 http://secunia.com/advisories/37084 http://www.ubuntu.com/usn/usn-864-1 Common Vulnerability Exposure (CVE) ID: CVE-2009-3286 http://www.openwall.com/lists/oss-security/2009/09/21/2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7527 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9757 SuSE Security Announcement: SUSE-SA:2010:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html Common Vulnerability Exposure (CVE) ID: CVE-2009-3547 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel http://www.securityfocus.com/archive/1/512019/100/0/threaded 36901 http://www.securityfocus.com/bid/36901 37351 http://secunia.com/advisories/37351 38017 http://secunia.com/advisories/38017 FEDORA-2009-11038 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html MDVSA-2009:329 http://www.mandriva.com/security/advisories?name=MDVSA-2009:329 RHSA-2009:1540 RHSA-2009:1541 https://rhn.redhat.com/errata/RHSA-2009-1541.html RHSA-2009:1550 https://rhn.redhat.com/errata/RHSA-2009-1550.html RHSA-2009:1672 SUSE-SA:2009:054 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html SUSE-SA:2009:056 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html SUSE-SA:2010:001 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html SUSE-SA:2010:012 USN-864-1 [linux-kernel] 20091014 fs/pipe.c null pointer dereference http://lkml.org/lkml/2009/10/14/184 [linux-kernel] 20091021 Re: [PATCH v4 1/1]: fs: pipe.c null pointer dereference + really sign off + unmangled diffs http://lkml.org/lkml/2009/10/21/42 [oss-security] 20091103 CVE-2009-3547 kernel: fs: pipe.c null pointer dereference http://marc.info/?l=oss-security&m=125724568017045&w=2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6 https://bugzilla.redhat.com/show_bug.cgi?id=530490 oval:org.mitre.oval:def:11513 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513 oval:org.mitre.oval:def:7608 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608 oval:org.mitre.oval:def:9327 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327 Common Vulnerability Exposure (CVE) ID: CVE-2009-3613 36706 http://www.securityfocus.com/bid/36706 37909 http://secunia.com/advisories/37909 RHSA-2009:1671 http://www.redhat.com/support/errata/RHSA-2009-1671.html SUSE-SA:2009:064 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html [oss-security] 20091015 Re: CVE request kernel: flood ping cause http://marc.info/?l=oss-security&m=125561712529352&w=2 http://bugzilla.kernel.org/show_bug.cgi?id=9468 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97d477a914b146e7e6722ded21afa79886ae8ccd http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a866bbf6aacf95f849810079442a20be118ce905 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.22 https://bugzilla.redhat.com/show_bug.cgi?id=529137 oval:org.mitre.oval:def:10209 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10209 oval:org.mitre.oval:def:7377 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7377 Common Vulnerability Exposure (CVE) ID: CVE-2009-3612 37086 http://secunia.com/advisories/37086 RHSA-2009:1670 http://www.redhat.com/support/errata/RHSA-2009-1670.html SUSE-SA:2009:061 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html [oss-security] 20091014 CVE request kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7 http://www.openwall.com/lists/oss-security/2009/10/14/2 [oss-security] 20091014 Re: CVE request kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7 http://www.openwall.com/lists/oss-security/2009/10/15/1 [oss-security] 20091014 Re: CVE request: kernel: tc: uninitialised kernel memory leak http://www.openwall.com/lists/oss-security/2009/10/14/1 [oss-security] 20091015 Re: CVE request kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7 http://www.openwall.com/lists/oss-security/2009/10/15/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad61df918c44316940404891d5082c63e79c256a http://patchwork.ozlabs.org/patch/35412/ http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5 https://bugzilla.redhat.com/show_bug.cgi?id=528868 oval:org.mitre.oval:def:10395 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10395 oval:org.mitre.oval:def:7557 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7557 Common Vulnerability Exposure (CVE) ID: CVE-2009-3620 36707 http://secunia.com/advisories/36707 36824 http://www.securityfocus.com/bid/36824 MDVSA-2010:088 http://www.mandriva.com/security/advisories?name=MDVSA-2010:088 MDVSA-2010:198 RHSA-2010:0882 http://www.redhat.com/support/errata/RHSA-2010-0882.html SUSE-SA:2010:013 http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html [linux-kernel] 20090921 [git pull] drm tree. http://article.gmane.org/gmane.linux.kernel/892259 [oss-security] 20091019 CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised http://www.openwall.com/lists/oss-security/2009/10/19/1 [oss-security] 20091019 Re: CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised http://www.openwall.com/lists/oss-security/2009/10/19/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7 http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log https://bugzilla.redhat.com/show_bug.cgi?id=529597 oval:org.mitre.oval:def:6763 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763 oval:org.mitre.oval:def:9891 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891 Common Vulnerability Exposure (CVE) ID: CVE-2009-3621 [linux-kernel] 20091019 Re: [PATCH] AF_UNIX: Fix deadlock on connecting to shutdown socket http://lkml.org/lkml/2009/10/19/50 [oss-security] 20091019 CVE request: kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket http://www.openwall.com/lists/oss-security/2009/10/19/2 [oss-security] 20091019 Re: CVE request: kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket http://www.openwall.com/lists/oss-security/2009/10/19/4 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=77238f2b942b38ab4e7f3aced44084493e4a8675 http://patchwork.kernel.org/patch/54678/ https://bugzilla.redhat.com/show_bug.cgi?id=529626 oval:org.mitre.oval:def:6895 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6895 oval:org.mitre.oval:def:9921 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9921 Common Vulnerability Exposure (CVE) ID: CVE-2009-3726 36936 http://www.securityfocus.com/bid/36936 40218 http://secunia.com/advisories/40218 DSA-2005 MDVSA-2011:051 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 RHSA-2010:0474 http://www.redhat.com/support/errata/RHSA-2010-0474.html [linux-nfs] 20081022 kernel oops in nfs4_proc_lock http://www.spinics.net/linux/lists/linux-nfs/msg03357.html [oss-security] 20091105 CVE request: kernel: NULL pointer dereference in nfs4_proc_lock() http://www.openwall.com/lists/oss-security/2009/11/05/1 [oss-security] 20091105 Re: CVE request: kernel: NULL pointer dereference in nfs4_proc_lock() http://www.openwall.com/lists/oss-security/2009/11/05/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d953126a28f97ec965d23c69fd5795854c048f30 http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc4 https://bugzilla.redhat.com/show_bug.cgi?id=529227 oval:org.mitre.oval:def:6636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6636 oval:org.mitre.oval:def:9734 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9734 Common Vulnerability Exposure (CVE) ID: CVE-2007-4567 25505 http://secunia.com/advisories/25505 26943 http://www.securityfocus.com/bid/26943 28170 http://secunia.com/advisories/28170 28706 http://secunia.com/advisories/28706 38015 http://secunia.com/advisories/38015 RHSA-2010:0019 http://www.redhat.com/support/errata/RHSA-2010-0019.html RHSA-2010:0053 http://www.redhat.com/support/errata/RHSA-2010-0053.html RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html USN-558-1 https://usn.ubuntu.com/558-1/ USN-574-1 http://www.ubuntu.com/usn/usn-574-1 http://bugzilla.kernel.org/show_bug.cgi?id=8450 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e76b2b2567b83448c2ee85a896433b96150c92e6 https://bugzilla.redhat.com/show_bug.cgi?id=548641 linux-kernel-ipv6-dos(39171) https://exchange.xforce.ibmcloud.com/vulnerabilities/39171 oval:org.mitre.oval:def:11083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11083 oval:org.mitre.oval:def:7474 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7474 Common Vulnerability Exposure (CVE) ID: CVE-2009-4536 BugTraq ID: 37519 http://www.securityfocus.com/bid/37519 Debian Security Information: DSA-1996 (Google Search) http://www.debian.org/security/2010/dsa-1996 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/ http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html http://www.openwall.com/lists/oss-security/2009/12/28/1 http://www.openwall.com/lists/oss-security/2009/12/29/2 http://www.openwall.com/lists/oss-security/2009/12/31/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10607 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12440 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13226 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7453 http://www.redhat.com/support/errata/RHSA-2010-0020.html http://www.redhat.com/support/errata/RHSA-2010-0041.html RedHat Security Advisories: RHSA-2010:0095 http://www.redhat.com/support/errata/RHSA-2010-0111.html http://securitytracker.com/id?1023420 http://secunia.com/advisories/35265 http://secunia.com/advisories/38031 http://secunia.com/advisories/38276 http://secunia.com/advisories/38296 http://secunia.com/advisories/38492 http://secunia.com/advisories/38610 http://secunia.com/advisories/38779 SuSE Security Announcement: SUSE-SA:2010:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html SuSE Security Announcement: SUSE-SA:2010:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html SuSE Security Announcement: SUSE-SA:2010:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html SuSE Security Announcement: SUSE-SA:2010:013 (Google Search) SuSE Security Announcement: SUSE-SA:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html XForce ISS Database: kernel-e1000main-security-bypass(55648) https://exchange.xforce.ibmcloud.com/vulnerabilities/55648 Common Vulnerability Exposure (CVE) ID: CVE-2009-4537 BugTraq ID: 37521 http://www.securityfocus.com/bid/37521 Debian Security Information: DSA-2053 (Google Search) http://www.debian.org/security/2010/dsa-2053 http://twitter.com/dakami/statuses/7104238406 http://marc.info/?l=linux-netdev&m=126202972828626&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439 http://securitytracker.com/id?1023419 http://secunia.com/advisories/39742 http://secunia.com/advisories/39830 http://secunia.com/advisories/40645 SuSE Security Announcement: SUSE-SA:2010:023 (Google Search) http://www.novell.com/linux/security/advisories/2010_23_kernel.html SuSE Security Announcement: SUSE-SA:2010:031 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://www.vupen.com/english/advisories/2010/1857 XForce ISS Database: kernel-r8169-dos(55647) https://exchange.xforce.ibmcloud.com/vulnerabilities/55647 Common Vulnerability Exposure (CVE) ID: CVE-2009-4538 BugTraq ID: 37523 http://www.securityfocus.com/bid/37523 http://www.mandriva.com/security/advisories?name=MDVSA-2010:066 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9702 XForce ISS Database: kernel-edriver-unspecified(55645) https://exchange.xforce.ibmcloud.com/vulnerabilities/55645 Common Vulnerability Exposure (CVE) ID: CVE-2006-6304 BugTraq ID: 21591 http://www.securityfocus.com/bid/21591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10797 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7446 RedHat Security Advisories: RHSA-2010:0046 https://rhn.redhat.com/errata/RHSA-2010-0046.html http://secunia.com/advisories/23349 http://www.trustix.org/errata/2006/0074/ http://www.vupen.com/english/advisories/2006/5002 Common Vulnerability Exposure (CVE) ID: CVE-2009-2910 36576 http://www.securityfocus.com/bid/36576 36927 http://secunia.com/advisories/36927 RHSA-2010:0046 [linux-kernel] 20091001 [tip:x86/urgent] x86: Don't leak 64-bit kernel register values to 32-bit processes http://lkml.org/lkml/2009/10/1/164 [oss-security] 20091001 CVE Request (kernel) http://marc.info/?l=oss-security&m=125442304214452&w=2 [oss-security] 20091001 Re: CVE Request (kernel) http://www.openwall.com/lists/oss-security/2009/10/02/1 [oss-security] 20091002 Re: CVE Request (kernel) http://marc.info/?l=oss-security&m=125444390112831&w=2 [oss-security] 20091009 Re: CVE Request (kernel) http://marc.info/?l=oss-security&m=125511635004768&w=2 http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-tip.git%3Ba=commit%3Bh=24e35800cdc4350fc34e2bed37b608a9e13ab3b6 http://support.avaya.com/css/P8/documents/100073666 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.4 https://bugzilla.redhat.com/show_bug.cgi?id=526788 oval:org.mitre.oval:def:10823 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10823 oval:org.mitre.oval:def:7359 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7359 Common Vulnerability Exposure (CVE) ID: CVE-2009-3080 37068 http://www.securityfocus.com/bid/37068 37435 http://secunia.com/advisories/37435 37720 http://secunia.com/advisories/37720 38276 FEDORA-2009-13098 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html MDVSA-2010:030 http://www.mandriva.com/security/advisories?name=MDVSA-2010:030 RHSA-2010:0041 SUSE-SA:2010:005 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8 http://www.vmware.com/security/advisories/VMSA-2011-0009.html oval:org.mitre.oval:def:10989 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989 oval:org.mitre.oval:def:12862 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862 oval:org.mitre.oval:def:7101 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101 Common Vulnerability Exposure (CVE) ID: CVE-2009-3556 SUSE-SA:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html [oss-security] 20100120 CVE-2009-3556 kernel: qla2xxx NPIV vport management pseudofiles are world writable http://www.openwall.com/lists/oss-security/2010/01/20/2 https://bugzilla.redhat.com/show_bug.cgi?id=537177 kernel-qla2xxx-security-bypass(55809) https://exchange.xforce.ibmcloud.com/vulnerabilities/55809 oval:org.mitre.oval:def:6744 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6744 oval:org.mitre.oval:def:9738 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9738 Common Vulnerability Exposure (CVE) ID: CVE-2009-3889 37019 http://www.securityfocus.com/bid/37019 60202 http://osvdb.org/60202 [oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files http://www.openwall.com/lists/oss-security/2009/11/13/1 [oss-security] 20091113 Re: CVE request: kernel: bad permissions on megaraid_sas sysfs files http://www.openwall.com/lists/oss-security/2009/11/13/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=66dca9b8c50b5e59d3bea8b21cee5c6dae6c9c46 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27 https://bugzilla.redhat.com/show_bug.cgi?id=526068 oval:org.mitre.oval:def:11018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11018 oval:org.mitre.oval:def:7163 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7163 Common Vulnerability Exposure (CVE) ID: CVE-2009-3939 BugTraq ID: 37019 http://osvdb.org/60201 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540 SuSE Security Announcement: SUSE-SA:2009:061 (Google Search) SuSE Security Announcement: SUSE-SA:2009:064 (Google Search) SuSE Security Announcement: SUSE-SA:2010:001 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2009-4020 39742 SUSE-SA:2010:023 [linux-mm-commits] 20091203 + hfs-fix-a-potential-buffer-overflow.patch added to -mm tree http://marc.info/?l=linux-mm-commits&m=125987755823047&w=2 [oss-security] 20091204 CVE-2009-4020 kernel: hfs buffer overflow http://www.openwall.com/lists/oss-security/2009/12/04/1 http://userweb.kernel.org/~akpm/mmotm/broken-out/hfs-fix-a-potential-buffer-overflow.patch https://bugzilla.redhat.com/show_bug.cgi?id=540736 oval:org.mitre.oval:def:10091 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10091 oval:org.mitre.oval:def:6750 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6750 Common Vulnerability Exposure (CVE) ID: CVE-2009-4021 37069 http://www.securityfocus.com/bid/37069 [oss-security] 20091119 CVE request: kernel: fuse: prevent fuse_put_request on invalid pointer http://www.openwall.com/lists/oss-security/2009/11/19/1 [oss-security] 20091124 Re: CVE request: kernel: fuse: prevent fuse_put_request on invalid pointer http://www.openwall.com/lists/oss-security/2009/11/24/5 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f60311d5f7670d9539b424e4ed8b5c0872fc9e83 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc7 https://bugzilla.redhat.com/show_bug.cgi?id=538734 kernel-fusedirectio-dos(54358) https://exchange.xforce.ibmcloud.com/vulnerabilities/54358 oval:org.mitre.oval:def:10516 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10516 oval:org.mitre.oval:def:6955 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6955 Common Vulnerability Exposure (CVE) ID: CVE-2009-4138 37339 http://www.securityfocus.com/bid/37339 [oss-security] 20091215 CVE-2009-4138 kernel: firewire: ohci: handle receive packets with a data length of zero http://www.openwall.com/lists/oss-security/2009/12/15/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8c0c0cc2d9f4c523fde04bdfe41e4380dec8ee54 http://patchwork.kernel.org/patch/66747/ http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git9.log https://bugzilla.redhat.com/show_bug.cgi?id=547236 oval:org.mitre.oval:def:7376 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7376 oval:org.mitre.oval:def:9527 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9527 Common Vulnerability Exposure (CVE) ID: CVE-2009-4141 20100114 Locked fasync file descriptors can be referenced after free in >= 2.6.28 http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0252.html 37806 http://www.securityfocus.com/bid/37806 38199 http://secunia.com/advisories/38199 39033 http://secunia.com/advisories/39033 RHSA-2010:0161 http://www.redhat.com/support/errata/RHSA-2010-0161.html SUSE-SA:2010:010 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=53281b6d34d44308372d16acb7fb5327609f68b6 http://lock.cmpxchg8b.com/5ebe2294ecd0e0f08eab7690d2a6ee69/create_elf_tables.c http://twitter.com/taviso/statuses/7744108017 http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.33-rc4-git1.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=547906 oval:org.mitre.oval:def:7054 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7054 oval:org.mitre.oval:def:9201 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9201 Common Vulnerability Exposure (CVE) ID: CVE-2009-4272 [oss-security] 20100120 CVE-2009-4272 kernel: emergency route cache flushing leads to node deadlock http://www.openwall.com/lists/oss-security/2010/01/20/1 [oss-security] 20100120 Re: CVE-2009-4272 kernel: emergency route cache flushing leads to node deadlock http://www.openwall.com/lists/oss-security/2010/01/20/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=73e42897e8e5619eacb787d2ce69be12f47cfc21 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b6280b47a7a42970d098a3059f4ebe7e55e90d8d http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31 https://bugzilla.redhat.com/show_bug.cgi?id=545411 linux-kernel-routing-dos(55808) https://exchange.xforce.ibmcloud.com/vulnerabilities/55808 oval:org.mitre.oval:def:11167 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11167 oval:org.mitre.oval:def:7026 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7026 Common Vulnerability Exposure (CVE) ID: CVE-2009-3563 AIX APAR: IZ68659 http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659 AIX APAR: IZ71047 http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047 BugTraq ID: 37255 http://www.securityfocus.com/bid/37255 CERT/CC vulnerability note: VU#417980 https://www.kb.cert.org/vuls/id/417980 CERT/CC vulnerability note: VU#568372 http://www.kb.cert.org/vuls/id/568372 Debian Security Information: DSA-1948 (Google Search) http://www.debian.org/security/2009/dsa-1948 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html HPdes Security Advisory: HPSBUX02639 http://marc.info/?l=bugtraq&m=130168580504508&w=2 HPdes Security Advisory: HPSBUX02859 http://marc.info/?l=bugtraq&m=136482797910018&w=2 HPdes Security Advisory: SSRT100293 HPdes Security Advisory: SSRT101144 https://lists.ntp.org/pipermail/announce/2009-December/000086.html NETBSD Security Advisory: NetBSD-SA2010-005 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076 RedHat Security Advisories: RHSA-2009:1648 https://rhn.redhat.com/errata/RHSA-2009-1648.html RedHat Security Advisories: RHSA-2009:1651 https://rhn.redhat.com/errata/RHSA-2009-1651.html http://securitytracker.com/id?1023298 http://secunia.com/advisories/37629 http://secunia.com/advisories/37922 http://secunia.com/advisories/38764 http://secunia.com/advisories/38832 http://secunia.com/advisories/39593 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1 http://www.vupen.com/english/advisories/2010/0510 http://www.vupen.com/english/advisories/2010/0993 Common Vulnerability Exposure (CVE) ID: CVE-2009-4355 Debian Security Information: DSA-1970 (Google Search) http://www.debian.org/security/2010/dsa-1970 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html HPdes Security Advisory: HPSBUX02517 http://marc.info/?l=bugtraq&m=127128920008563&w=2 HPdes Security Advisory: SSRT100058 http://www.mandriva.com/security/advisories?name=MDVSA-2010:022 http://www.openwall.com/lists/oss-security/2010/01/13/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678 http://secunia.com/advisories/38175 http://secunia.com/advisories/38181 http://secunia.com/advisories/38200 http://secunia.com/advisories/38761 http://secunia.com/advisories/39461 http://secunia.com/advisories/42724 http://secunia.com/advisories/42733 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049 SuSE Security Announcement: SUSE-SA:2010:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://www.ubuntu.com/usn/USN-884-1 http://www.vupen.com/english/advisories/2010/0124 http://www.vupen.com/english/advisories/2010/0839 http://www.vupen.com/english/advisories/2010/0916 Common Vulnerability Exposure (CVE) ID: CVE-2009-2409 1022631 http://www.securitytracker.com/id?1022631 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console http://www.securityfocus.com/archive/1/515055/100/0/threaded 36139 http://secunia.com/advisories/36139 36157 http://secunia.com/advisories/36157 36434 http://secunia.com/advisories/36434 36669 http://secunia.com/advisories/36669 36739 http://secunia.com/advisories/36739 37386 http://secunia.com/advisories/37386 42467 http://secunia.com/advisories/42467 ADV-2009-2085 http://www.vupen.com/english/advisories/2009/2085 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 ADV-2010-3126 http://www.vupen.com/english/advisories/2010/3126 APPLE-SA-2009-11-09-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html DSA-1874 http://www.debian.org/security/2009/dsa-1874 DSA-1888 https://www.debian.org/security/2009/dsa-1888 GLSA-200911-02 http://security.gentoo.org/glsa/glsa-200911-02.xml GLSA-200912-01 http://security.gentoo.org/glsa/glsa-200912-01.xml MDVSA-2009:197 http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 MDVSA-2009:216 http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 MDVSA-2009:258 http://www.mandriva.com/security/advisories?name=MDVSA-2009:258 MDVSA-2010:084 http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 RHSA-2009:1207 http://www.redhat.com/support/errata/RHSA-2009-1207.html RHSA-2009:1432 http://www.redhat.com/support/errata/RHSA-2009-1432.html USN-810-1 http://www.ubuntu.com/usn/usn-810-1 USN-810-2 https://usn.ubuntu.com/810-2/ [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://support.apple.com/kb/HT3937 http://www.vmware.com/security/advisories/VMSA-2010-0019.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409 oval:org.mitre.oval:def:10763 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763 oval:org.mitre.oval:def:6631 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631 oval:org.mitre.oval:def:7155 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155 oval:org.mitre.oval:def:8594 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594 Common Vulnerability Exposure (CVE) ID: CVE-2009-0590 1021905 http://securitytracker.com/id?1021905 20090403 rPSA-2009-0057-1 m2crypto openssl openssl-scripts http://www.securityfocus.com/archive/1/502429/100/0/threaded 258048 http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1 34256 http://www.securityfocus.com/bid/34256 34411 http://secunia.com/advisories/34411 34460 http://secunia.com/advisories/34460 34509 http://secunia.com/advisories/34509 34561 http://secunia.com/advisories/34561 34666 http://secunia.com/advisories/34666 34896 http://secunia.com/advisories/34896 34960 http://secunia.com/advisories/34960 35065 http://secunia.com/advisories/35065 35181 http://secunia.com/advisories/35181 35380 http://secunia.com/advisories/35380 35729 http://secunia.com/advisories/35729 36533 http://secunia.com/advisories/36533 36701 http://secunia.com/advisories/36701 42724 42733 52864 http://www.osvdb.org/52864 ADV-2009-0850 http://www.vupen.com/english/advisories/2009/0850 ADV-2009-1020 http://www.vupen.com/english/advisories/2009/1020 ADV-2009-1175 http://www.vupen.com/english/advisories/2009/1175 ADV-2009-1220 http://www.vupen.com/english/advisories/2009/1220 ADV-2009-1548 http://www.vupen.com/english/advisories/2009/1548 APPLE-SA-2009-09-10-2 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html DSA-1763 http://www.debian.org/security/2009/dsa-1763 FreeBSD-SA-09:08 http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc HPSBMA02447 http://marc.info/?l=bugtraq&m=125017764422557&w=2 HPSBOV02540 http://marc.info/?l=bugtraq&m=127678688104458&w=2 HPSBUX02435 http://marc.info/?l=bugtraq&m=124464882609472&w=2 MDVSA-2009:087 http://www.mandriva.com/security/advisories?name=MDVSA-2009:087 NetBSD-SA2009-008 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc RHSA-2009:1335 http://www.redhat.com/support/errata/RHSA-2009-1335.html SSRT090059 SSRT090062 SUSE-SR:2009:010 http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html SUSE-SU-2011:0847 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html USN-750-1 http://www.ubuntu.com/usn/usn-750-1 http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847 http://support.apple.com/kb/HT3865 http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html http://wiki.rpath.com/Advisories:rPSA-2009-0057 http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057 http://www.openssl.org/news/secadv_20090325.txt http://www.php.net/archive/2009.php#id2009-04-08-1 https://kb.bluecoat.com/index?page=content&id=SA50 openSUSE-SU-2011:0845 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html openssl-asn1-stringprintex-dos(49431) https://exchange.xforce.ibmcloud.com/vulnerabilities/49431 oval:org.mitre.oval:def:10198 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198 oval:org.mitre.oval:def:6996 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996 Common Vulnerability Exposure (CVE) ID: CVE-2009-1377 1022241 http://www.securitytracker.com/id?1022241 35001 http://www.securityfocus.com/bid/35001 35128 http://secunia.com/advisories/35128 35416 http://secunia.com/advisories/35416 35461 http://secunia.com/advisories/35461 35571 http://secunia.com/advisories/35571 37003 http://secunia.com/advisories/37003 38761 ADV-2009-1377 http://www.vupen.com/english/advisories/2009/1377 HPSBMA02492 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 MDVSA-2009:120 http://www.mandriva.com/security/advisories?name=MDVSA-2009:120 NetBSD-SA2009-009 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc SSA:2010-060-02 SSRT100079 SUSE-SR:2009:011 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html USN-792-1 http://www.ubuntu.com/usn/USN-792-1 [openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug http://marc.info/?l=openssl-dev&m=124247675613888&w=2 [oss-security] 20090518 Two OpenSSL DTLS remote DoS http://www.openwall.com/lists/oss-security/2009/05/18/1 http://cvs.openssl.org/chngview?cn=18187 http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html https://launchpad.net/bugs/cve/2009-1377 oval:org.mitre.oval:def:6683 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683 oval:org.mitre.oval:def:9663 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663 Common Vulnerability Exposure (CVE) ID: CVE-2009-1378 8720 https://www.exploit-db.com/exploits/8720 [openssl-dev] 20090516 [openssl.org #1931] [PATCH] DTLS fragment handling memory leak http://marc.info/?l=openssl-dev&m=124247679213944&w=2 [openssl-dev] 20090518 Re: [openssl.org #1931] [PATCH] DTLS fragment handling memory leak http://marc.info/?l=openssl-dev&m=124263491424212&w=2 http://cvs.openssl.org/chngview?cn=18188 http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest https://launchpad.net/bugs/cve/2009-1378 oval:org.mitre.oval:def:11309 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309 oval:org.mitre.oval:def:7229 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229 Common Vulnerability Exposure (CVE) ID: CVE-2009-1379 35138 http://www.securityfocus.com/bid/35138 [oss-security] 20090518 Re: Two OpenSSL DTLS remote DoS http://www.openwall.com/lists/oss-security/2009/05/18/4 http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest https://launchpad.net/bugs/cve/2009-1379 openssl-dtls1retrievebufferedfragment-dos(50661) https://exchange.xforce.ibmcloud.com/vulnerabilities/50661 oval:org.mitre.oval:def:6848 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848 oval:org.mitre.oval:def:9744 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744 Common Vulnerability Exposure (CVE) ID: CVE-2009-1386 35174 http://www.securityfocus.com/bid/35174 35685 http://secunia.com/advisories/35685 8873 https://www.exploit-db.com/exploits/8873 SUSE-SR:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html [oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS http://www.openwall.com/lists/oss-security/2009/06/02/1 http://cvs.openssl.org/chngview?cn=17369 http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest openssl-changecipherspec-dos(50963) https://exchange.xforce.ibmcloud.com/vulnerabilities/50963 oval:org.mitre.oval:def:11179 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179 oval:org.mitre.oval:def:7469 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469 Common Vulnerability Exposure (CVE) ID: CVE-2009-1387 HPdes Security Advisory: HPSBMA02492 HPdes Security Advisory: SSRT100079 NETBSD Security Advisory: NetBSD-SA2009-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592 SuSE Security Announcement: SUSE-SR:2009:012 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2009-4212 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 37749 http://www.securityfocus.com/bid/37749 Debian Security Information: DSA-1969 (Google Search) http://www.debian.org/security/2010/dsa-1969 http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html HPdes Security Advisory: HPSBOV02682 http://marc.info/?l=bugtraq&m=130497213107107&w=2 HPdes Security Advisory: SSRT100495 http://www.mandriva.com/security/advisories?name=MDVSA-2010:006 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192 RedHat Security Advisories: RHSA-2010:0029 https://rhn.redhat.com/errata/RHSA-2010-0029.html http://www.securitytracker.com/id?1023440 http://secunia.com/advisories/38080 http://secunia.com/advisories/38108 http://secunia.com/advisories/38126 http://secunia.com/advisories/38140 http://secunia.com/advisories/38184 http://secunia.com/advisories/38203 http://secunia.com/advisories/38696 http://secunia.com/advisories/40220 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1 http://ubuntu.com/usn/usn-881-1 http://www.vupen.com/english/advisories/2010/0096 http://www.vupen.com/english/advisories/2010/0129 http://www.vupen.com/english/advisories/2010/1481 Common Vulnerability Exposure (CVE) ID: CVE-2009-1384 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 35112 http://www.securityfocus.com/bid/35112 35230 http://secunia.com/advisories/35230 43314 http://secunia.com/advisories/43314 54791 http://osvdb.org/54791 ADV-2009-1448 http://www.vupen.com/english/advisories/2009/1448 MDVSA-2010:054 http://www.mandriva.com/security/advisories?name=MDVSA-2010:054 [oss-security] 20090527 CVE assignment notification (pam_krb5 CVE-2009-1384) http://www.openwall.com/lists/oss-security/2009/05/27/1 http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=502602 oval:org.mitre.oval:def:7081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081 oval:org.mitre.oval:def:9652 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652 Common Vulnerability Exposure (CVE) ID: CVE-2010-0097 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 37865 http://www.securityfocus.com/bid/37865 CERT/CC vulnerability note: VU#360341 http://www.kb.cert.org/vuls/id/360341 Debian Security Information: DSA-2054 (Google Search) http://www.debian.org/security/2010/dsa-2054 http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034202.html HPdes Security Advisory: HPSBUX02519 http://marc.info/?l=bugtraq&m=127195582210247&w=2 HPdes Security Advisory: SSRT100004 http://www.mandriva.com/security/advisories?name=MDVSA-2010:021 http://www.osvdb.org/61853 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12205 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7212 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7430 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9357 RedHat Security Advisories: RHSA-2010:0062 https://rhn.redhat.com/errata/RHSA-2010-0062.html http://securitytracker.com/id?1023474 http://secunia.com/advisories/38169 http://secunia.com/advisories/38219 http://secunia.com/advisories/38240 http://secunia.com/advisories/39334 http://secunia.com/advisories/39582 http://secunia.com/advisories/40086 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1 http://www.ubuntu.com/usn/USN-888-1 http://www.vupen.com/english/advisories/2010/0176 http://www.vupen.com/english/advisories/2010/0622 http://www.vupen.com/english/advisories/2010/0981 http://www.vupen.com/english/advisories/2010/1352 XForce ISS Database: bind-dnssecnsec-cache-poisoning(55753) https://exchange.xforce.ibmcloud.com/vulnerabilities/55753 Common Vulnerability Exposure (CVE) ID: CVE-2010-0290 38219 38240 40086 ADV-2010-0176 ADV-2010-0622 ADV-2010-1352 DSA-2054 MDVSA-2010:021 RHSA-2010:0062 SUSE-SA:2010:008 USN-888-1 [oss-security] 20100119 BIND CVE-2009-4022 fix incomplete http://marc.info/?l=oss-security&m=126393609503704&w=2 [oss-security] 20100120 Re: BIND CVE-2009-4022 fix incomplete http://marc.info/?l=oss-security&m=126399602810086&w=2 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 https://bugzilla.redhat.com/show_bug.cgi?id=554851 https://bugzilla.redhat.com/show_bug.cgi?id=557121 https://www.isc.org/advisories/CVE-2009-4022v6 oval:org.mitre.oval:def:6815 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6815 oval:org.mitre.oval:def:7512 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7512 oval:org.mitre.oval:def:8884 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8884 Common Vulnerability Exposure (CVE) ID: CVE-2009-3736 BugTraq ID: 37128 http://www.securityfocus.com/bid/37128 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html http://security.gentoo.org/glsa/glsa-201311-10.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:307 http://www.mandriva.com/security/advisories?name=MDVSA-2010:035 http://www.mandriva.com/security/advisories?name=MDVSA-2010:091 http://www.mandriva.com/security/advisories?name=MDVSA-2010:105 http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951 http://www.redhat.com/support/errata/RHSA-2010-0039.html http://secunia.com/advisories/37414 http://secunia.com/advisories/37489 http://secunia.com/advisories/37997 http://secunia.com/advisories/38190 http://secunia.com/advisories/38577 http://secunia.com/advisories/38617 http://secunia.com/advisories/38915 http://secunia.com/advisories/39299 http://secunia.com/advisories/39347 http://secunia.com/advisories/43617 http://secunia.com/advisories/55721 SuSE Security Announcement: SUSE-SR:2010:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://www.vupen.com/english/advisories/2011/0574 Common Vulnerability Exposure (CVE) ID: CVE-2010-0001 1023490 http://securitytracker.com/id?1023490 38220 http://secunia.com/advisories/38220 38223 http://secunia.com/advisories/38223 38225 http://secunia.com/advisories/38225 38232 http://secunia.com/advisories/38232 40551 http://secunia.com/advisories/40551 40655 http://secunia.com/advisories/40655 40689 http://secunia.com/advisories/40689 61869 http://www.osvdb.org/61869 ADV-2010-0185 http://www.vupen.com/english/advisories/2010/0185 ADV-2010-1796 http://www.vupen.com/english/advisories/2010/1796 ADV-2010-1872 http://www.vupen.com/english/advisories/2010/1872 APPLE-SA-2010-11-10-1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html DSA-1974 http://www.debian.org/security/2010/dsa-1974 DSA-2074 http://www.debian.org/security/2010/dsa-2074 HPSBMA02554 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 MDVSA-2010:019 http://www.mandriva.com/security/advisories?name=MDVSA-2010:019 MDVSA-2010:020 http://www.mandriva.com/security/advisories?name=MDVSA-2010:020 MDVSA-2011:152 http://www.mandriva.com/security/advisories?name=MDVSA-2011:152 RHSA-2010:0061 http://www.redhat.com/support/errata/RHSA-2010-0061.html SSRT100018 USN-889-1 http://www.ubuntu.com/usn/USN-889-1 http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://ncompress.sourceforge.net/#status http://savannah.gnu.org/forum/forum.php?forum_id=6153 http://support.apple.com/kb/HT4435 https://bugzilla.redhat.com/show_bug.cgi?id=554418 oval:org.mitre.oval:def:10546 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546 oval:org.mitre.oval:def:7511 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511 Common Vulnerability Exposure (CVE) ID: CVE-2010-0426 1023658 http://securitytracker.com/id?1023658 20101027 rPSA-2010-0075-1 sudo http://www.securityfocus.com/archive/1/514489/100/0/threaded 38362 http://www.securityfocus.com/bid/38362 38659 http://secunia.com/advisories/38659 38762 http://secunia.com/advisories/38762 38795 http://secunia.com/advisories/38795 38803 http://secunia.com/advisories/38803 38915 39399 http://secunia.com/advisories/39399 ADV-2010-0450 http://www.vupen.com/english/advisories/2010/0450 ADV-2010-0949 http://www.vupen.com/english/advisories/2010/0949 DSA-2006 http://www.debian.org/security/2010/dsa-2006 FEDORA-2010-6701 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html FEDORA-2010-6749 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html GLSA-201003-01 http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml MDVSA-2010:049 http://www.mandriva.com/security/advisories?name=MDVSA-2010:049 SSA:2010-110-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019 SUSE-SR:2010:006 USN-905-1 http://www.ubuntu.com/usn/USN-905-1 ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737 http://sudo.ws/bugs/show_bug.cgi?id=389 http://sudo.ws/repos/sudo/rev/88f3181692fe http://sudo.ws/repos/sudo/rev/f86e1b56d074 http://wiki.rpath.com/Advisories:rPSA-2010-0075 http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/ http://www.sudo.ws/sudo/stable.html oval:org.mitre.oval:def:10814 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814 oval:org.mitre.oval:def:7238 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238 Common Vulnerability Exposure (CVE) ID: CVE-2010-0427 [oss-security] 20100223 CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set http://www.openwall.com/lists/oss-security/2010/02/23/4 [oss-security] 20100224 Re: CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set http://www.openwall.com/lists/oss-security/2010/02/24/5 http://sudo.ws/repos/sudo/rev/aa0b6c01c462 http://www.gratisoft.us/bugzilla/attachment.cgi?id=255 http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349 http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7&r2=1.30.2.8 https://bugzilla.redhat.com/show_bug.cgi?id=567622 oval:org.mitre.oval:def:10946 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946 oval:org.mitre.oval:def:7216 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216 Common Vulnerability Exposure (CVE) ID: CVE-2010-0382 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11753 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6665 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7086
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.