Marcus OVAL Generator 5.5 2017-09-27T05:00:47 SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687). SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688). SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives. SUSE Linux Enterprise SDK 10 SP2 Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header. SLE SDK 10 SP1 for IBM iSeries and IBM pSeries SLE SDK 10 SP1 for IBM zSeries SLE SDK 10 SP1 for IPF SLE SDK 10 SP1 for X86-64 SLE SDK 10 SP1 for x86 auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. SUSE Linux Enterprise SDK 10 SP2 Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug." SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c). SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers. SUSE Linux Enterprise SDK 10 SP2 sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. SUSE Linux Enterprise SDK 10 SP2 Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825). SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP1 for IBM POWER SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP1 for IPF SUSE Linux Enterprise Server 10 SP1 for x86 Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. SUSE Linux Enterprise SDK 10 SP2 Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions. SUSE Linux Enterprise Server 10 SP3 The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register. SUSE Linux Enterprise SDK 10 SP2 Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. SUSE Linux Enterprise Point Of Sale 10 for x86 Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory. SUSE Linux Enterprise SDK 10 SP2 Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. SUSE Linux Enterprise SDK 10 SP2 The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15. SUSE Linux Enterprise SDK 10 SP2 Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link. SUSE Linux Enterprise SDK 10 SP2 The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. SUSE Linux Enterprise SDK 10 SP2 Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary. SUSE Linux Enterprise SDK 10 SP2 The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. SUSE Linux Enterprise SDK 10 SP2 Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. SUSE Linux Enterprise SDK 10 SP2 SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. SUSE Linux Enterprise SDK 10 SP2 The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. SUSE Linux Enterprise SDK 10 SP2 Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. SUSE Linux Enterprise SDK 10 SP2 Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response. SUSE Linux Enterprise SDK 10 SP2 Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. SUSE Linux Enterprise SDK 10 SP2 Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window). SUSE Linux Enterprise SDK 10 SP2 Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. SUSE Linux Enterprise SDK 10 SP2 Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. SUSE Linux Enterprise SDK 10 SP2 Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. SUSE Linux Enterprise SDK 10 SP2 Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method. SUSE Linux Enterprise SDK 10 SP2 ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information. SUSE Linux Enterprise SDK 10 SP2 ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder. SUSE Linux Enterprise SDK 10 SP2 ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters. SUSE Linux Enterprise SDK 10 SP2 Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits. SUSE Linux Enterprise SDK 10 SP2 The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions). SUSE Linux Enterprise SDK 10 SP2 libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access." SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec. SUSE Linux Enterprise SDK 10 SP2 The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." SUSE Linux Enterprise SDK 10 SP2 Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP2 arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions before 2.6.27-rc6, on s390 platforms allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. SUSE Linux Enterprise SDK 10 SP2 Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. SUSE Linux Enterprise SDK 10 SP2 Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. SUSE Linux Enterprise SDK 10 SP2 Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field. SUSE Linux Enterprise SDK 10 SP2 Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields. SUSE Linux Enterprise SDK 10 SP2 Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher. SUSE Linux Enterprise SDK 10 SP2 Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title. SUSE Linux Enterprise SDK 10 SP2 Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. SUSE Linux Enterprise SDK 10 SP2 Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. SUSE Linux Enterprise SDK 10 SP2 QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. SUSE Linux Enterprise SDK 10 SP2 Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors. SUSE Linux Enterprise SDK 10 SP2 The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars." SUSE Linux Enterprise SDK 10 SP2 MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892. SUSE Linux Enterprise SDK 10 SP2 The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count. SUSE Linux Enterprise SDK 10 SP2 Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code. SUSE Linux Enterprise SDK 10 SP2 OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN. SUSE Linux Enterprise SDK 10 SP2 Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB." SUSE Linux Enterprise SDK 10 SP2 Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code. SUSE Linux Enterprise SDK 10 SP2 Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption. SUSE Linux Enterprise SDK 10 SP2 The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. SUSE Linux Enterprise SDK 10 SP2 Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. SUSE Linux Enterprise SDK 10 SP2 The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages." SUSE Linux Enterprise SDK 10 SP2 src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read. SUSE Linux Enterprise SDK 10 SP2 Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962. SUSE Linux Enterprise SDK 10 SP2 The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request. SUSE Linux Enterprise SDK 10 SP2 Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. SUSE Linux Enterprise SDK 10 SP2 The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. SUSE Linux Enterprise SDK 10 SP2 Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. SUSE Linux Enterprise SDK 10 SP2 libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. SUSE Linux Enterprise SDK 10 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2725. Reason: This candidate is a duplicate of CVE-2008-2725. Notes: All CVE users should reference CVE-2008-2725 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. SUSE Linux Enterprise SDK 10 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2726. Reason: This candidate is a duplicate of CVE-2008-2726. Notes: All CVE users should reference CVE-2008-2726 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. SUSE Linux Enterprise SDK 10 SP2 arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/. SUSE Linux Enterprise Realtime 10 SP2 Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955. SUSE Linux Enterprise SDK 10 SP2 The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. SUSE Linux Enterprise SDK 10 SP2 Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. SUSE Linux Enterprise SDK 10 SP2 Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. SUSE Linux Enterprise SDK 10 SP2 liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error. SUSE Linux Enterprise SDK 10 SP2 Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet. SUSE Linux Enterprise SDK 10 SP2 Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. SUSE Linux Enterprise SDK 10 SP2 Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. SUSE Linux Enterprise SDK 10 SP2 Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. SUSE Linux Enterprise SDK 10 SP2 The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. SUSE Linux Enterprise SDK 10 SP2 The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet." SUSE Linux Enterprise SDK 10 SP2 Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. SUSE Linux Enterprise SDK 10 SP2 Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google." SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. SUSE Linux Enterprise SDK 10 SP2 The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read. SUSE Linux Enterprise SDK 10 SP2 Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used. SUSE Linux Enterprise SDK 10 SP2 xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine. SUSE Linux Enterprise SDK 10 SP2 Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories. SUSE Linux Enterprise Realtime 10 SP2 Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field. SUSE Linux Enterprise SDK 10 SP2 Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren). SUSE Linux Enterprise SDK 10 SP2 The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. SUSE Linux Enterprise SDK 10 SP2 Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion. SUSE Linux Enterprise SDK 10 SP2 Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries. SUSE Linux Enterprise SDK 10 SP2 The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. SUSE Linux Enterprise SDK 10 SP2 Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals. SUSE Linux Enterprise SDK 10 SP2 src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption). SUSE Linux Enterprise SDK 10 SP2 Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3. SUSE Linux Enterprise SDK 10 SP2 Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression. SUSE Linux Enterprise SDK 10 SP2 The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen. SUSE Linux Enterprise SDK 10 SP2 Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. SUSE Linux Enterprise SDK 10 SP2 Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible. SUSE Linux Enterprise SDK 10 SP2 PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php. SUSE Linux Enterprise SDK 10 SP2 The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion." SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. SUSE Linux Enterprise SDK 10 SP2 The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions. SUSE Linux Enterprise SDK 10 SP2 Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823. SUSE Linux Enterprise SDK 10 SP2 resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. SUSE Linux Enterprise SDK 10 SP2 libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition. SUSE Linux Enterprise SDK 10 SP2 Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic". SUSE Linux Enterprise SDK 10 SP2 Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component. SUSE Linux Enterprise SDK 10 SP2 Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function. SUSE Linux Enterprise SDK 10 SP2 MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. SUSE Linux Enterprise SDK 10 SP2 pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235. SUSE Linux Enterprise SDK 10 SP2 The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS. SUSE Linux Enterprise SDK 10 SP2 The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element. SUSE Linux Enterprise SDK 10 SP2 Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine. SUSE Linux Enterprise SDK 10 SP2 Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp. SUSE Linux Enterprise SDK 10 SP2 Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames. SUSE Linux Enterprise SDK 10 SP2 Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp. SUSE Linux Enterprise SDK 10 SP2 Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug." SUSE Linux Enterprise SDK 10 SP2 Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug." SUSE Linux Enterprise SDK 10 SP2 Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI. SUSE Linux Enterprise SDK 10 SP2 Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI. SUSE Linux Enterprise SDK 10 SP2 The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file. SUSE Linux Enterprise SDK 10 SP2 Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer. SUSE Linux Enterprise SDK 10 SP2 MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079. SUSE Linux Enterprise SDK 10 SP2 MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. SUSE Linux Enterprise SDK 10 SP2 Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712. SUSE Linux Enterprise SDK 10 SP2 fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. SUSE Linux Enterprise SDK 10 SP2 The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. SUSE Linux Enterprise SDK 10 SP2 smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed. SUSE Linux Enterprise SDK 10 SP2 Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs. SUSE Linux Enterprise SDK 10 SP2 Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67. SUSE Linux Enterprise SDK 10 SP2 Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. SUSE Linux Enterprise Realtime 10 SP2 The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. SUSE Linux Enterprise SDK 10 SP2 Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements. SUSE Linux Enterprise Realtime 10 SP2 sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. SUSE Linux Enterprise SDK 10 SP2 packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). SUSE Linux Enterprise SDK 10 SP2 Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. SUSE Linux Enterprise SDK 10 SP2 The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. SUSE Linux Enterprise SDK 10 SP2 Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. SUSE Linux Enterprise SDK 10 SP2 lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. SUSE Linux Enterprise SDK 10 SP2 Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario. SUSE Linux Enterprise SDK 10 SP2 Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. SUSE Linux Enterprise SDK 10 SP2 Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. SUSE Linux Enterprise SDK 10 SP2 Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. SUSE Linux Enterprise SDK 10 SP2 jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. SUSE Linux Enterprise SDK 10 SP2 The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class. SUSE Linux Enterprise SDK 10 SP2 nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. SUSE Linux Enterprise SDK 10 SP2 The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. SUSE Linux Enterprise SDK 10 SP2 Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. SUSE Linux Enterprise SDK 10 SP2 Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. SUSE Linux Enterprise SDK 10 SP2 Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933. SUSE Linux Enterprise SDK 10 SP2 The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. SUSE Linux Enterprise SDK 10 SP2 Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP2 The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. SUSE Linux Enterprise SDK 10 SP2 net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. SUSE Linux Enterprise SDK 10 SP2 The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure. SUSE Linux Enterprise SDK 10 SP2 Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions. SUSE Linux Enterprise SDK 10 SP2 The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. SUSE Linux Enterprise SDK 10 SP2 The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426. SUSE Linux Enterprise SDK 10 SP2 CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function. SUSE Linux Enterprise SDK 10 SP2 xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. SUSE Linux Enterprise SDK 10 SP2 Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15. SUSE Linux Enterprise SDK 10 SP2 Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP2 Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field. SUSE Linux Enterprise SDK 10 SP2 xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows. SUSE Linux Enterprise SDK 10 SP2 xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value. SUSE Linux Enterprise SDK 10 SP2 Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM). SUSE Linux Enterprise SDK 10 SP2 demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. SUSE Linux Enterprise SDK 10 SP2 The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error. SUSE Linux Enterprise SDK 10 SP2 Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad. SUSE Linux Enterprise SDK 10 SP2 xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c. SUSE Linux Enterprise SDK 10 SP2 Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. SUSE Linux Enterprise SDK 10 SP2 The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value. SUSE Linux Enterprise SDK 10 SP2 xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators." SUSE Linux Enterprise SDK 10 SP2 Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR" and CR 6707535. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects". SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image. SUSE Linux Enterprise SDK 10 SP2 The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow. SUSE Linux Enterprise SDK 10 SP2 The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings. SUSE Linux Enterprise SDK 10 SP2 Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure." SUSE Linux Enterprise SDK 10 SP2 Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API. SUSE Linux Enterprise SDK 10 SP2 Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. SUSE Linux Enterprise SDK 10 SP2 The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. SUSE Linux Enterprise SDK 10 SP2 Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document." SUSE Linux Enterprise SDK 10 SP2 Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. SUSE Linux Enterprise SDK 10 SP2 Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file. SUSE Linux Enterprise SDK 10 SP2 Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences. SUSE Linux Enterprise Realtime 10 SP2 Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call. SUSE Linux Enterprise SDK 10 SP2 The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." SUSE Linux Enterprise SDK 10 SP2 The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. SUSE Linux Enterprise SDK 10 SP2 Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file. SUSE Linux Enterprise SDK 10 SP2 libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180. SUSE Linux Enterprise SDK 10 SP2 NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. SUSE Linux Enterprise SDK 10 SP2 The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. SUSE Linux Enterprise SDK 10 SP2 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. SUSE Linux Enterprise SDK 10 SP2 The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. SUSE Linux Enterprise SDK 10 SP2 Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audio (.aa) file with a large (1) nlen or (2) vlen Tag value, each of which triggers a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP2 Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure. SUSE Linux Enterprise SDK 10 SP2 Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. SUSE Linux Enterprise SDK 10 SP2 International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. SUSE Linux Enterprise SDK 10 SP2 Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." SUSE Linux Enterprise SDK 10 SP2 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP2 Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value. SUSE Linux Enterprise SDK 10 SP2 Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP2 Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing." SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. SUSE Linux Enterprise Realtime 10 SP2 fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. SUSE Linux Enterprise Realtime 10 SP2 drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/. SUSE Linux Enterprise SDK 10 SP2 OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077. SUSE Linux Enterprise SDK 10 SP2 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. SUSE Linux Enterprise SDK 10 SP2 icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. SUSE Linux Enterprise SDK 10 SP2 ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. SUSE Linux Enterprise SDK 10 SP2 Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol. SUSE Linux Enterprise SDK 10 SP2 The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. SUSE Linux Enterprise SDK 10 SP2 Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. SUSE Linux Enterprise SDK 10 SP2 Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. SUSE Linux Enterprise SDK 10 SP2 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385. SUSE Linux Enterprise SDK 10 SP2 PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. SUSE Linux Enterprise SDK 10 SP2 The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry. SUSE Linux Enterprise SDK 10 SP2 The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm. SUSE Linux Enterprise SDK 10 SP2 Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." SUSE Linux Enterprise SDK 10 SP2 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583. SUSE Linux Enterprise SDK 10 SP2 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. SUSE Linux Enterprise SDK 10 SP2 Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343. SUSE Linux Enterprise SDK 10 SP2 The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. SUSE Linux Enterprise SDK 10 SP2 The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. SUSE Linux Enterprise SDK 10 SP2 The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. SUSE Linux Enterprise SDK 10 SP2 The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program. SUSE Linux Enterprise SDK 10 SP2 PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. SUSE Linux Enterprise SDK 10 SP2 The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886. sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860. sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors. sles10-ltss.i386 sles10-ltss.s390x sles10-ltss.x86_64 The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. SUSE Linux Enterprise SDK 10 SP2 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. SUSE Linux Enterprise SDK 10 SP2 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. SUSE Linux Enterprise SDK 10 SP2 Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. SUSE Linux Enterprise SDK 10 SP2 The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. SUSE Linux Enterprise SDK 10 SP2 Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP2 Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive. SUSE Linux Enterprise SDK 10 SP2 Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent. SUSE Linux Enterprise SDK 10 SP2 Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors. SUSE Linux Enterprise SDK 10 SP2 Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors. SUSE Linux Enterprise SDK 10 SP2 The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. SUSE Linux Enterprise SDK 10 SP2 Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. SUSE Linux Enterprise SDK 10 SP2 libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang. SUSE Linux Enterprise SDK 10 SP2 The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function. SUSE Linux Enterprise SDK 10 SP2 The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. SUSE Linux Enterprise SDK 10 SP2 Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns. SUSE Linux Enterprise SDK 10 SP2 Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. SUSE Linux Enterprise SDK 10 SP2 Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP2 The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927. SUSE Linux Enterprise SDK 10 SP2 The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug." SUSE Linux Enterprise SDK 10 SP2 Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak." SUSE Linux Enterprise SDK 10 SP2 Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. SUSE Linux Enterprise SDK 10 SP2 ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. SUSE Linux Enterprise SDK 10 SP2 The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." SUSE Linux Enterprise SDK 10 SP2 Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. SUSE Linux Enterprise SDK 10 SP2 The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. SUSE Linux Enterprise SDK 10 SP2 racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. SUSE Linux Enterprise SDK 10 SP2 Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches." SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP2 The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. SUSE Linux Enterprise SDK 10 SP2 The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges." SUSE Linux Enterprise SDK 10 SP2 Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets. SUSE Linux Enterprise SDK 10 SP2 Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP2 Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework. SUSE Linux Enterprise SDK 10 SP2 Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. SUSE Linux Enterprise SDK 10 SP2 The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. SUSE Linux Enterprise SDK 10 SP2 The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption). SUSE Linux Enterprise SDK 10 SP2 The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow. SUSE Linux Enterprise SDK 10 SP2 The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. SUSE Linux Enterprise SDK 10 SP2 Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input. SUSE Linux Enterprise Realtime 10 SP2 The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions. SUSE Linux Enterprise SDK 10 SP2 Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238. SUSE Linux Enterprise SDK 10 SP2 Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238. SUSE Linux Enterprise SDK 10 SP2 statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. SUSE Linux Enterprise SDK 10 SP2 Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. SUSE Linux Enterprise Realtime 10 SP2 Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. SUSE Linux Enterprise Realtime 10 SP2 Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP2 Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. SUSE Linux Enterprise SDK 10 SP2 Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. SUSE Linux Enterprise SDK 10 SP2 lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. SUSE Linux Enterprise SDK 10 SP2 Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9. SUSE Linux Enterprise SDK 10 SP2 Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. SUSE Linux Enterprise SDK 10 SP2 Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. SUSE Linux Enterprise SDK 10 SP2 Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185. SUSE Linux Enterprise SDK 10 SP2 The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file. SUSE Linux Enterprise SDK 10 SP2 The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13. SUSE Linux Enterprise SDK 10 SP2 socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. SUSE Linux Enterprise SDK 10 SP2 Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry. SUSE Linux Enterprise SDK 10 SP2 The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376. SUSE Linux Enterprise SDK 10 SP2 The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams. SUSE Linux Enterprise SDK 10 SP3 Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability." SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time." SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise Realtime 10 SP2 NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing." SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index." SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0787, CVE-2010-0788, CVE-2010-0789. Reason: this candidate was intended for one issue in Samba, but it was used for multiple distinct issues, including one in FUSE and one in ncpfs. Notes: All CVE users should consult CVE-2010-0787 (Samba), CVE-2010-0788 (ncpfs), and CVE-2010-0789 (FUSE) to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw." SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP2 The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP2 The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. SUSE Linux Enterprise Realtime 10 SP2 SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability." SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. SUSE Linux Enterprise SDK 10 SP3 OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. SUSE Linux Enterprise SDK 10 SP3 Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3552. Reason: This candidate is a reservation duplicate of CVE-2010-3552. Notes: All CVE users should reference CVE-2010-3552 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits. SUSE Linux Enterprise SDK 10 SP3 Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file. SUSE Linux Enterprise SDK 10 SP3 Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability." SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX". SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl). SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory). SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP2 SUSE Linux Enterprise Server for SAP 10 SP3 fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods." SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements. SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP3 Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. SUSE Linux Enterprise 10 SP2 Mono Extension SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1640. Reason: This candidate is a duplicate of CVE-2010-1640. Notes: All CVE users should reference CVE-2010-1640 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer." SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service (panic) via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite2 functions. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. SUSE Linux Enterprise SDK 10 SP3 Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error." SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability." SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call. SUSE Linux Enterprise Server 10 SP3 The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability." SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. SUSE Linux Enterprise SDK 10 SP3 Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static." SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue." SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface." SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396." SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4475. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4462 and CVE-2010-4473. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4473. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4462. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4447. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression. SUSE Linux Enterprise SDK 10 SP3 The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. SUSE Linux Enterprise SDK 10 SP3 Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP3 Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. SUSE Linux Enterprise SDK 10 SP3 Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP3 Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document. SUSE Linux Enterprise SDK 10 SP3 Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw." SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue." SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The task_show_regs function in arch/s390/kernel/traps.c in the Linux kernel before 2.6.38-rc4-next-20110216 on the s390 platform allows local users to obtain the values of the registers of an arbitrary process by reading a status file under /proc/. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 GPLv3 Extras for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 GPLv3 Extras for IBM POWER SUSE Linux Enterprise Server 10 GPLv3 Extras for IBM zSeries 64bit SUSE Linux Enterprise Server 10 GPLv3 Extras for IPF SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0788. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ia64 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sles10-sp3-java.i386 sles10-sp3-java.ppc sles10-sp3-java.s390x sles10-sp3-java.x86_64 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the mac_partition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via a malformed Mac OS partition table. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel before 2.6.38-rc6-git6 does not validate the VBLK size value in the VMDB structure in an LDM partition table, which allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted partition table. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T SUSE Linux Enterprise Server RT Solution 10 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the /etc/mtab file and (2) ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4543. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause a denial of service (guest crash) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of these accounts. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1017. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability." SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer." SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 GPLv3 Extras for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 GPLv3 Extras for IBM POWER SUSE Linux Enterprise Server 10 GPLv3 Extras for IBM zSeries 64bit SUSE Linux Enterprise Server 10 GPLv3 Extras for IPF SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 The modify_resolvconf_suse script in the vpnc package before 0.5.1-55.10.1 in SUSE Linux Enterprise Desktop 11 SP1 might allow remote attackers to execute arbitrary commands via a crafted DNS domain name. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 GPLv3 Extras for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 GPLv3 Extras for IBM POWER SUSE Linux Enterprise Server 10 GPLv3 Extras for IBM zSeries 64bit SUSE Linux Enterprise Server 10 GPLv3 Extras for IPF SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page). SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption). SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability." SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3556. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Server for SAP 10 SP3 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (application crash) via a malformed file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key." SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value." SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability). SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems." SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 GPLv3 Extras for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 GPLv3 Extras for IBM POWER SUSE Linux Enterprise Server 10 GPLv3 Extras for IBM zSeries 64bit SUSE Linux Enterprise Server 10 GPLv3 Extras for IPF SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1722. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1721. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability." SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow." SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1533. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free." SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw." SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for x86 The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for x86 XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for x86 The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4930. Reason: This candidate is a duplicate of CVE-2012-4930. Notes: All CVE users should reference CVE-2012-4930 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in a .wmf (Window Meta File) file embedded in a ppt (PowerPoint) file to tllo.dll, or (4) xls (Excel) file to scfiltlo.dll. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline." SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability." SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability." SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-3143. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value. SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6054. Reason: This candidate is a reservation duplicate of CVE-2012-6054. Notes: All CVE users should reference CVE-2012-6054 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6056. Reason: This candidate is a reservation duplicate of CVE-2012-6056. Notes: All CVE users should reference CVE-2012-6056 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor IPv6. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0189, CVE-2013-0191. Reason: this identifier was intended for one issue, but it was inadvertently associated with multiple issues. Notes: All CVE users should consult CVE-2013-0189 and CVE-2013-0191 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 GPLv3 Extras for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 GPLv3 Extras for IBM POWER SUSE Linux Enterprise Server 10 GPLv3 Extras for IBM zSeries 64bit SUSE Linux Enterprise Server 10 GPLv3 Extras for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 GPLv3 Extras for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 GPLv3 Extras for IBM POWER SUSE Linux Enterprise Server 10 GPLv3 Extras for IBM zSeries 64bit SUSE Linux Enterprise Server 10 GPLv3 Extras for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements." SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction." SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted arguments. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions." SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2561. Reason: This candidate is a duplicate of CVE-2013-2561. Notes: All CVE users should reference CVE-2013-2561 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQueryScreens functions. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader." SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageWriter state corruption" when using native code, which triggers memory corruption. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2440. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes." SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks." SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2468. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing." SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks." SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3012. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3011. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI). SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. SUSE Linux Enterprise Java 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Java 10 SP4 for IBM POWER SUSE Linux Enterprise Java 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Java 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5789, CVE-2013-5824, CVE-2013-5832, and CVE-2013-5852. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5824, CVE-2013-5832, and CVE-2013-5852. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5829. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5819 and CVE-2013-5831. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5831. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5832, and CVE-2013-5852. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5819. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5852. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an incorrect check for code permissions by CORBA stub factories. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that com.sun.corba.se and its sub-packages are not included on the restricted package list. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-0375 and CVE-2014-0403. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted font file. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that CanonicalizerBase.java in the XML canonicalizer allows untrusted code to access mutable byte arrays. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7281. Reason: This candidate is a duplicate of CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, and CVE-2013-7281. Notes: All CVE users should reference CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, and/or CVE-2013-7281 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, CVE-2013-7271. Reason: This candidate is a duplicate of CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, and CVE-2013-7271. Notes: All CVE users should reference CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, and/or CVE-2013-7271 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories." SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0375. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0418, and CVE-2014-0424. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0418. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement." SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue. SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP3 LTSS for x86 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition." SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for x86 SLE CLIENT TOOLS 10 for x86_64 SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow." SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 LTSS for x86 SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.