SUSE Linux Security Advisory: SUSE-SR:2010:008
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | December 16, 2009 | December 11, 2013 | June 03, 2015 |
Available Exploits 
Description
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
- APPLE-APPLE-SA-2010-01-19-1
- APPLE-APPLE-SA-2010-03-29-1
- APPLE-APPLE-SA-2010-05-18-1
- APPLE-APPLE-SA-2010-05-18-2
- BID-35263
- BID-36935
- BID-37349
- BID-37368
- BID-37942
- BID-37944
- BID-37945
- BID-38211
- BID-38326
- BID-39062
- BID-39065
- BID-39067
- BID-39069
- BID-39071
- BID-39073
- BID-39077
- BID-39078
- BID-39083
- CERT-TA10-222A
- CERT-TA10-287A
- CERT-VN-120541
- CVE-2008-5515
- CVE-2009-2693
- CVE-2009-2901
- CVE-2009-2902
- CVE-2009-3389
- CVE-2009-3555
- CVE-2010-0082
- CVE-2010-0084
- CVE-2010-0085
- CVE-2010-0087
- CVE-2010-0088
- CVE-2010-0089
- CVE-2010-0090
- CVE-2010-0091
- CVE-2010-0092
- CVE-2010-0093
- CVE-2010-0094
- CVE-2010-0095
- CVE-2010-0547
- CVE-2010-0732
- CVE-2010-0837
- CVE-2010-0838
- CVE-2010-0839
- CVE-2010-0840
- CVE-2010-0841
- CVE-2010-0842
- CVE-2010-0843
- CVE-2010-0844
- CVE-2010-0845
- CVE-2010-0846
- CVE-2010-0847
- CVE-2010-0848
- CVE-2010-0849
- CVE-2010-0850
- CVE-2010-0926
- DEBIAN-DSA-1934
- DEBIAN-DSA-2141
- DEBIAN-DSA-2207
- DEBIAN-DSA-3253
- DISA_SEVERITY-Category I
- DISA_VMSKEY-V0027158
- DISA_VMSKEY-V0031252
- IAVM-2011-A-0066
- IAVM-2012-A-0020
- MS-MS10-049
- OSVDB-60521
- OSVDB-60972
- OSVDB-62210
- OSVDB-63481
- OSVDB-63482
- OSVDB-63485
- OSVDB-63492
- OSVDB-65202
- OVAL-OVAL10057
- OVAL-OVAL10088
- OVAL-OVAL10392
- OVAL-OVAL10422
- OVAL-OVAL10474
- OVAL-OVAL10482
- OVAL-OVAL10680
- OVAL-OVAL10851
- OVAL-OVAL11120
- OVAL-OVAL11173
- OVAL-OVAL11576
- OVAL-OVAL11578
- OVAL-OVAL11617
- OVAL-OVAL11621
- OVAL-OVAL13357
- OVAL-OVAL13492
- OVAL-OVAL13795
- OVAL-OVAL13803
- OVAL-OVAL13923
- OVAL-OVAL13934
- OVAL-OVAL13959
- OVAL-OVAL13971
- OVAL-OVAL14061
- OVAL-OVAL14092
- OVAL-OVAL14101
- OVAL-OVAL14105
- OVAL-OVAL14144
- OVAL-OVAL14208
- OVAL-OVAL14210
- OVAL-OVAL14237
- OVAL-OVAL14276
- OVAL-OVAL14282
- OVAL-OVAL14288
- OVAL-OVAL14321
- OVAL-OVAL14350
- OVAL-OVAL14351
- OVAL-OVAL14453
- OVAL-OVAL14503
- OVAL-OVAL14521
- OVAL-OVAL19355
- OVAL-OVAL19431
- OVAL-OVAL19452
- OVAL-OVAL6445
- OVAL-OVAL7017
- OVAL-OVAL7092
- OVAL-OVAL7315
- OVAL-OVAL7478
- OVAL-OVAL7967
- OVAL-OVAL7973
- OVAL-OVAL8366
- OVAL-OVAL8535
- OVAL-OVAL9855
- OVAL-OVAL9877
- OVAL-OVAL9896
- OVAL-OVAL9899
- OVAL-OVAL9974
- REDHAT-RHSA-2010:0119
- REDHAT-RHSA-2010:0130
- REDHAT-RHSA-2010:0155
- REDHAT-RHSA-2010:0165
- REDHAT-RHSA-2010:0167
- REDHAT-RHSA-2010:0337
- REDHAT-RHSA-2010:0338
- REDHAT-RHSA-2010:0339
- REDHAT-RHSA-2010:0383
- REDHAT-RHSA-2010:0471
- REDHAT-RHSA-2010:0489
- REDHAT-RHSA-2010:0580
- REDHAT-RHSA-2010:0582
- REDHAT-RHSA-2010:0768
- REDHAT-RHSA-2010:0770
- REDHAT-RHSA-2010:0786
- REDHAT-RHSA-2010:0807
- REDHAT-RHSA-2010:0865
- REDHAT-RHSA-2010:0986
- REDHAT-RHSA-2010:0987
- REDHAT-RHSA-2011:0880
- SUSE-SUSE-SA:2009:057
- SUSE-SUSE-SA:2009:063
- SUSE-SUSE-SA:2010:061
- SUSE-SUSE-SR:2010:008
- XF-54158
- XF-54805
- XF-55855
- XF-55856
- XF-55857
- XF-57346
Solution
suserpm-upgrade-apache-jakarta-tomcat-connectorsRelated Vulnerabilities
- RHSA-2011:1219: samba security update
- SUSE Linux Security Advisory: SUSE-SU-2014:1100-1
- Cent OS: CVE-2010-0848: CESA-2010:0339 (java-1.6.0-openjdk)
- OS X update for Tomcat (CVE-2009-2901)
- VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0088)
- VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0842)
- VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2009-2902)
- MFSA2009-71: Firefox GeckoActiveXObj COM-Object Enumeration Vulnerability
- RHSA-2010:0489: java-1.5.0-ibm security update
- Cent OS: CVE-2009-3984: CESA-2009:1674 (firefox)
- USN-874-1: Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities
- USN-860-1: Apache vulnerabilities
- Sun Patch: NSS_NSPR_JSS 3.21: NSPR 4.11 / NSS 3.21 / JSS 4.3.2
- MFSA2009-67 Thunderbird: Integer overflow, crash in libtheora video library (CVE-2009-3389)
- SUSE Linux Security Vulnerability: CVE-2010-0847
- Apple Java security update for CVE-2010-0849
- AIX 6.1 - ssl_advisory : AIX_OpenSSL_session_renegotiation_vulnerability (APAR N/A)
- ELSA-2011-1219 Moderate: Oracle Linux samba security update
- VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0846)
- SUSE Linux Security Vulnerability: CVE-2010-0087
- Java CPU March 2010 Sound vulnerability (CVE-2010-0843)
- VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0082)
- SUSE Linux Security Advisory: SUSE-SA:2009:063
- Sun Patch: NSS_NSPR_JSS 3.21 Solaris_x86: NSPR 4.11 / NSS 3.21 / JSS 4.3.2 Ma
- SUSE Linux Security Vulnerability: CVE-2010-0849
- SUSE Linux Security Vulnerability: CVE-2010-0085
- Apple Java security update for CVE-2010-0084
- SUSE Linux Security Advisory: SUSE-SR:2010:019
- SUSE Linux Security Vulnerability: CVE-2010-0846
- USN-927-4: nss vulnerability
- SUSE Linux Security Vulnerability: CVE-2010-0840
- Java CPU March 2010 Java Web Start, Java Plug-in vulnerability (CVE-2010-0089)
- ELSA-2012-0518 Important: Oracle Linux openssl security update
- SUSE Linux Security Vulnerability: CVE-2009-3981
- RHSA-2010:0770: java-1.6.0-sun security update
- ELSA-2010-0165 Moderate: Enterprise Linux nss security update
- Apple Java security update for CVE-2010-0092
- SUSE Linux Security Vulnerability: CVE-2010-0090
- MFSA2009-65 Firefox: Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16) (CVE-2009-3982)
- MFSA2009-65 Thunderbird: Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16) (CVE-2009-3979)
- Apple Java security update for CVE-2010-0841
- SUSE Linux Security Vulnerability: CVE-2010-0838
- Sun Patch: SunOS 5.10_x86: Oracle Java Web Console 3.1 Patch
- VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0841)
- JRE Java TLS Renegotiation Vulnerability
- RHSA-2010:0153: thunderbird security update
- Samba CVE-2010-0926: Change parameter "wide links" to default to "no"
- Java CPU March 2010 Java Runtime Environment vulnerability (CVE-2010-0093)
- RHSA-2010:0574: java-1.4.2-ibm security update
- AIX 5.1 - ssl_advisory : AIX_OpenSSL_session_renegotiation_vulnerability (APAR N/A)
- AIX OpenSSL session renegotiation vulnerability -AIX 5.1
- RHSA-2010:0602: Red Hat Certificate System 7.3 security update
- RHSA-2009:1454: tomcat5 security update
- SUSE Linux Security Advisory: SUSE-SR:2010:011
- SUSE Linux Security Vulnerability: CVE-2010-0839
- SUSE Linux Security Advisory: SUSE-SR:2009:012
- SUSE Linux Security Vulnerability: CVE-2010-0091
- Apple Java security update for CVE-2010-0087
- AIX OpenSSL session renegotiation vulnerability -AIX 5.2
- RHSA-2010:0693: tomcat5 security update
- RHSA-2010:0807: java-1.5.0-ibm security update
- Sun Patch: NSS_NSPR_JSS 3.21_x86: NSPR 4.11 / NSS 3.21 / JSS 4.3.2
- F5 Networks: K10737 (CVE-2009-3555): SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541
- RHSA-2009:1146: JBoss Enterprise Application Platform 4.3.0.CP05 update
- Sun Patch: Sun GlassFish Enterprise Server 2.1.1 Patch16 (v2.1 patch22) (9.1_
- Apache Tomcat: Low: Insecure partial deploy after failed undeploy (CVE-2009-2901)
- Java CPU March 2010 Java Web Start, Java Plug-in vulnerability (CVE-2010-0087)
- Sun Patch: StarOffice 8 (Solaris): Update 18
- HP Systems Insight Manager - HPSBMA02547 (CVE-2010-0840): HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
- RHSA-2010:0865: java-1.6.0-openjdk security and bug fix update
- SUSE Linux Security Vulnerability: CVE-2009-3987
- MFSA2009-69 Firefox: Location bar spoofing vulnerabilities (CVE-2009-3985)
- Java CPU March 2010 Java Runtime Environment vulnerability (CVE-2010-0840)
- Java CPU March 2010 ImageIO vulnerability (CVE-2010-0846)
- VMSA-2012-0001: ESX third party update for Service Console samba RPMs (CVE-2010-0547)
- Sun Patch: StarSuite 8 (Solaris): Update 18
- ELSA-2012-0313 Low: Oracle Linux samba security, bug fix, and enhancement update
- Sun Patch: StarSuite 8 (Solaris_x86): Update 18
- MFSA2010-22 SeaMonkey: Update NSS to support TLS renegotiation indication (CVE-2009-3555)
- SUSE Linux Security Vulnerability: CVE-2009-3985
- RHSA-2010:0130: java-1.5.0-ibm security update
- Apple Java security update for CVE-2010-0838
- ELSA-2010-0163 Moderate: Enterprise Linux openssl security update
- MFSA2009-70 SeaMonkey: Privilege escalation via chrome window.opener (CVE-2009-3986)
- VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2009-2693)
- VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0087)
- USN-1010-1: OpenJDK vulnerabilities
- Apache Tomcat: Low: Unexpected file deletion in work directory (CVE-2009-2902)
- RHSA-2009:1164: tomcat security update
- OpenSSL RFC5746 SSL/TLS renegotiation (CVE-2009-3555)
- USN-788-1: Tomcat vulnerabilities
- MFSA2009-69 Firefox: Location bar spoofing vulnerabilities (CVE-2009-3984)
- SUSE Linux Security Advisory: SUSE-SR:2011:008
- MFSA2009-65: Firefox Javascript Engine Code Execution Vulnerability
- VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21, vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 (CVE-2009-3555)
- HP Systems Insight Manager - HPSBMA02547 (CVE-2010-0838): HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
- Java CPU October 2010 JSSE vulnerability (CVE-2009-3555)
- AIX 5.3 - ssl_advisory : AIX_OpenSSL_session_renegotiation_vulnerability (APAR N/A)
- MFSA2009-66 SeaMonkey: Memory safety fixes in liboggplay media library (CVE-2009-3388)
- USN-990-1: OpenSSL vulnerability