Generator: The OVAL Repository; schema version 5.5; timestamp 2015-09-03T07:28:23.648-04:00

Title: ELSA-2014-3079 -- bash security update (Important)
Platform: Oracle Linux 4
Product: bash
Description: [3.0-27.0.3]
- Rework env function definition for safety (Florian Weimer) [CVE-2014-7169]
Contributors and status changes: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED)
Status: ACCEPTED

Title: ELSA-2014-3078 -- bash security update (Critical)
Platform: Oracle Linux 4
Product: bash
Description: [3.0-27.0.2]
- Preliminary fix for CVE-2014-7169
Contributors and status changes: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED)
Status: ACCEPTED

Title: ELSA-2014-1294 -- bash security update (Critical)
Platform: Oracle Linux 4
Product: bash
Description: The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue.
(CVE-2014-6271)
For additional information on the CVE-2014-6271 flaw, refer to the
Knowledgebase article at https://access.redhat.com/articles/1200223
Red Hat would like to thank Stephane Chazelas for reporting this issue.
All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Contributors and status changes: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED)
Status: ACCEPTED

Title: Oracle Linux 4.x
Platform: Oracle Linux 4
Description: The operating system installed on the system is Oracle Linux 4.x
Contributors and status changes: Dragos Prisaca (DRAFT, INTERIM, ACCEPTED); Chandan M C (INTERIM, ACCEPTED)
Status: ACCEPTED

Title: DEPRECATED: ELSA-2012:0136: libvorbis security update (Important)
Platform: Oracle Linux 6, Oracle Linux 5, Oracle Linux 4
Product: libvorbis
Description: Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
Contributors and status changes: Vinay Naikar (DRAFT, INTERIM, ACCEPTED); Maria Mikhno (INTERIM); Maria Mikhno (DEPRECATED)
Status: DEPRECATED

Title: ELSA-2010:0625: wireshark security update (Moderate)
Platform: Oracle Linux 3, Oracle Linux 4, Oracle Linux 5
Product: wireshark
Description: The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.
Contributors and status changes: Vinay Naikar (DRAFT, INTERIM, ACCEPTED); Maria Mikhno (INTERIM, ACCEPTED); Maria Mikhno (INTERIM, ACCEPTED)
Status: ACCEPTED

Title: DEPRECATED: ELSA-2011:1268: firefox security update (Important)
Platform: Oracle Linux 6, Oracle Linux 4, Oracle Linux 5
Product: firefox, xulrunner
Description: Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
The RHSA-2011:1242 Firefox update rendered HTTPS certificates signed by a
certain Certificate Authority (CA) as untrusted, but made an exception for
a select few. This update removes that exception, rendering every HTTPS
certificate signed by that CA as untrusted. (BZ#735483)
All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.22. After installing the update, Firefox must be
restarted for the changes to take effect.
Contributors and status changes: Vinay Naikar (DRAFT, INTERIM, ACCEPTED); Maria Mikhno (INTERIM); Maria Mikhno (DEPRECATED)
Status: DEPRECATED

Title: Oracle Linux 6.x
Platform: Oracle Linux 6
Description: The operating system installed on the system is Oracle Linux 6.x
Contributors and status changes: Dragos Prisaca (DRAFT, INTERIM, ACCEPTED); Chandan M C (INTERIM, ACCEPTED)
Status: ACCEPTED

Title: ELSA-2007:0848: openoffice.org security update (Important)
Platform: Oracle Linux 4, Oracle Linux 5, Oracle Linux 3
Product: openoffice.org, openoffice.org2
Description: Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.
Contributors and status changes: Vinay Naikar (DRAFT, INTERIM, ACCEPTED); Maria Mikhno (INTERIM, ACCEPTED); Maria Mikhno (INTERIM, ACCEPTED)
Status: ACCEPTED

Title: Oracle Linux 5.x
Platform: Oracle Linux 5
Description: The operating system installed on the system is Oracle Linux 5.x
Contributors and status changes: Danny Haynes (DRAFT, INTERIM, ACCEPTED); Dragos Prisaca (INTERIM, ACCEPTED); Chandan M C (INTERIM, ACCEPTED)
Status: ACCEPTED

Package names: enterprise-release, bash, libvorbis-devel, libvorbis-devel-docs, libvorbis, wireshark-gnome, wireshark, firefox, xulrunner, xulrunner-devel, oraclelinux-release, openoffice.org-langpack-ss_ZA, openoffice.org-langpack-ml_IN, openoffice.org-langpack-ms_MY, openoffice.org-langpack-he_IL, openoffice.org-calc, openoffice.org-langpack-da_DK, openoffice.org-langpack-ve_ZA, openoffice.org-langpack-zh_TW, openoffice.org-langpack-sv, openoffice.org-langpack-tr_TR, openoffice.org-langpack-kn_IN, openoffice.org-xsltfilter, openoffice.org-langpack-th_TH, openoffice.org-langpack-af_ZA, openoffice.org-langpack-as_IN, openoffice.org-impress, openoffice.org-langpack-el_GR, openoffice.org-langpack-ts_ZA, openoffice.org-langpack-sk_SK, openoffice.org-langpack-hu_HU, openoffice.org-langpack-lt_LT, openoffice.org-langpack-sl_SI, openoffice.org-draw, openoffice.org-langpack-xh_ZA, openoffice.org-langpack-eu_ES, openoffice.org-langpack-nl, openoffice.org-langpack-hr_HR, openoffice.org-langpack-de, openoffice.org-testtools, openoffice.org-langpack-bn, openoffice.org-langpack-zh_CN, openoffice.org-pyuno, openoffice.org-langpack-et_EE, openoffice.org-langpack-ur, openoffice.org-langpack-it, openoffice.org-base, openoffice.org-langpack-pl_PL, openoffice.org-langpack-fi_FI, openoffice.org-langpack-te_IN, openoffice.org-langpack-ko_KR, openoffice.org-langpack-gl_ES, openoffice.org-langpack-nn_NO, openoffice.org-core, openoffice.org-langpack-mr_IN, openoffice.org-langpack-nr_ZA, openoffice.org-javafilter, openoffice.org-langpack-zu_ZA, openoffice.org-math, openoffice.org-langpack-ru, openoffice.org-langpack-st_ZA, openoffice.org-langpack-ja_JP, openoffice.org-emailmerge, openoffice.org-langpack-hi_IN, openoffice.org, openoffice.org-langpack-ga_IE, openoffice.org-langpack-pt_BR, openoffice.org-langpack-pt_PT, openoffice.org-langpack-gu_IN, openoffice.org-langpack-sr_CS, openoffice.org-langpack-cs_CZ, openoffice.org-langpack-cy_GB, openoffice.org-langpack-nb_NO, openoffice.org-langpack-tn_ZA, openoffice.org-langpack-pa_IN, openoffice.org-langpack-es, openoffice.org-langpack-fr, openoffice.org-langpack-bg_BG, openoffice.org-langpack-ca_ES, openoffice.org-langpack-or_IN, openoffice.org-graphicfilter, openoffice.org-langpack-ta_IN, openoffice.org-langpack-ar, openoffice.org-langpack-nso_ZA, openoffice.org-writer

Version and pattern values: 0:3.0-27.0.3.el4, 0:3.0-27.0.2.el4, ^4.*$, 0:3.0-27.0.1.el4, 1:1.1.2-3.el5_7.6, 1:1.2.3-4.el6_2.1, 0:1.0.15-1.el5_5.1, ^6.*$, 0:3.6.22-1.el5_7, 0:3.6.22-1.el6_1, 0:1.9.2.22-1.el5_7, 0:1.9.2.22-1.el6_1, ^5.*$, unix, 1:2.0.4-5.4.17.3