
All times are UTC




 Post subject: [Zenwalk 7.0 Security Bulletin] - 2012-02-09
PostPosted: Thu Feb 09, 2012 3:44 pm 
Regular Zenwalker

Joined: Fri Mar 25, 2011 9:29 am
Posts: 60
Location: France
Sorry for the delay...

Hello,
This message informs the Zenwalk community about vulnerable packages (to be patched) found in recent weeks in the Zenwalk 7.0 repositories.

New vulnerable packages found (summary) :
gnutls (version 2.12.7) [Fixed in : 3.0.11]
mysql (version 5.1.56) [Fixed in : 5.1.61]
openssl (version 0.9.8r) [Fixed in : 0.9.8s]
php (version 5.3.8) [Fixed in : 5.3.9]
samba (version 3.6.0) [Fixed in : 3.6.3]
seamonkey (version 2.5) [Fixed in : 2.7]
bind (9.7.4_P1) [Not fixed, see http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-1033 and https://www.isc.org/software/bind/advis ... -2012-1033
On further review, ISC has determined that this is not an issue which needs an immediate patch. The issue is being reviewed at the protocol level and will be addressed there. Implementing DNSSEC is the safest mitigation measure. ]


Important :
"A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms."
"The condition for predictable collisions in the hashing functions has been reported for the following language implementations: Java, JRuby, PHP, Python, Rubinius, Ruby."
See http://www.ocert.org/advisories/ocert-2011-003.html

The division of severities corresponds to the following scores :
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

######################## HIGH Vulnerabilities ########################

Vulnerable package found : seamonkey (version 2.5)
Impact (CVSS score) : 10.0/10
Published date time : 2012-02-01
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0442
-----
Vulnerable package found : seamonkey (version 2.5)
Impact (CVSS score) : 10.0/10
Published date time : 2012-02-01
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0443
-----
Vulnerable package found : seamonkey (version 2.5)
Impact (CVSS score) : 10.0/10
Published date time : 2012-02-01
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0444
-----
Vulnerable package found : seamonkey (version 2.5)
Impact (CVSS score) : 10.0/10
Published date time : 2012-02-01
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0449
-----

######################## MEDIUM Vulnerabilities #####################

Vulnerable package found : php (version 5.3.8)
Impact (CVSS score) : 6.4/10
Published date time : 2012-02-01
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0057
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 5.5/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0113
-----
Vulnerable package found : openssl (version 0.9.8r)
Impact (CVSS score) : 5.0/10
Published date time : 2012-01-05
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0027
-----
Vulnerable package found : php (version 5.3.8)
Impact (CVSS score) : 5.0/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0781
-----
Vulnerable package found : samba (version 3.6.0)
Impact (CVSS score) : 5.0/10
Published date time : 2012-01-30
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0817
-----
Vulnerable package found : seamonkey (version 2.5)
Impact (CVSS score) : 5.0/10
Published date time : 2012-02-01
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0445
-----
Vulnerable package found : seamonkey (version 2.5)
Impact (CVSS score) : 5.0/10
Published date time : 2012-02-01
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0447
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 4.9/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0116
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 4.9/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0118
-----
Vulnerable package found : gnutls (version 2.12.7)
Impact (CVSS score) : 4.3/10
Published date time : 2012-01-05
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0390
-----
Vulnerable package found : seamonkey (version 2.5)
Impact (CVSS score) : 4.3/10
Published date time : 2012-02-01
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0446
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 4.0/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0087
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 4.0/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0101
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 4.0/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0102
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 4.0/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0115
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 4.0/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0119
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 4.0/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0120
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 4.0/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0484
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 4.0/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0485
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 4.0/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0490
-----

######################## LOW Vulnerabilities ########################

Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 3.5/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0112
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 3.0/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0114
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 2.1/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0492
-----
Vulnerable package found : seamonkey (version 2.5)
Impact (CVSS score) : 2.1/10
Published date time : 2012-02-01
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0450
-----
Vulnerable package found : mysql (version 5.1.56)
Impact (CVSS score) : 1.7/10
Published date time : 2012-01-18
Reference : http://cve.mitre.org/cgi-bin/cvename.cg ... -2012-0075
-----


Notes :
Report generated jeu. 09 févr. 2012 16:04:36 CET
Packages list source : http://viking.zenwalk.org/i486/snapshot/PACKAGES.TXT.gz
Vulnerabilities list source : http://static.nvd.nist.gov/feeds/xml/cv ... 0-2012.xml

