Back to search

SUSE Linux Security Advisory: SUSE-SR:2010:008

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	December 16, 2009	December 11, 2013	June 03, 2015

Available Exploits

Java RMIConnectionImpl Deserialization Privilege Escalation
Java MixerSequencer Object GM_Song Structure Handling Vulnerability
Java Statement.invoke() Trusted Method Chain Privilege Escalation

Description

Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

Download now

References

APPLE-APPLE-SA-2010-01-19-1
APPLE-APPLE-SA-2010-03-29-1
APPLE-APPLE-SA-2010-05-18-1
APPLE-APPLE-SA-2010-05-18-2
BID-35263
BID-36935
BID-37349
BID-37368
BID-37942
BID-37944
BID-37945
BID-38211
BID-38326
BID-39062
BID-39065
BID-39067
BID-39069
BID-39071
BID-39073
BID-39077
BID-39078
BID-39083
CERT-TA10-222A
CERT-TA10-287A
CERT-VN-120541
CVE-2008-5515
CVE-2009-2693
CVE-2009-2901
CVE-2009-2902
CVE-2009-3389
CVE-2009-3555
CVE-2010-0082
CVE-2010-0084
CVE-2010-0085
CVE-2010-0087
CVE-2010-0088
CVE-2010-0089
CVE-2010-0090
CVE-2010-0091
CVE-2010-0092
CVE-2010-0093
CVE-2010-0094
CVE-2010-0095
CVE-2010-0547
CVE-2010-0732
CVE-2010-0837
CVE-2010-0838
CVE-2010-0839
CVE-2010-0840
CVE-2010-0841
CVE-2010-0842
CVE-2010-0843
CVE-2010-0844
CVE-2010-0845
CVE-2010-0846
CVE-2010-0847
CVE-2010-0848
CVE-2010-0849
CVE-2010-0850
CVE-2010-0926
DEBIAN-DSA-1934
DEBIAN-DSA-2141
DEBIAN-DSA-2207
DEBIAN-DSA-3253
DISA_SEVERITY-Category I
DISA_VMSKEY-V0027158
DISA_VMSKEY-V0031252
IAVM-2011-A-0066
IAVM-2012-A-0020
MS-MS10-049
OSVDB-60521
OSVDB-60972
OSVDB-62210
OSVDB-63481
OSVDB-63482
OSVDB-63485
OSVDB-63492
OSVDB-65202
OVAL-OVAL10057
OVAL-OVAL10088
OVAL-OVAL10392
OVAL-OVAL10422
OVAL-OVAL10474
OVAL-OVAL10482
OVAL-OVAL10680
OVAL-OVAL10851
OVAL-OVAL11120
OVAL-OVAL11173
OVAL-OVAL11576
OVAL-OVAL11578
OVAL-OVAL11617
OVAL-OVAL11621
OVAL-OVAL13357
OVAL-OVAL13492
OVAL-OVAL13795
OVAL-OVAL13803
OVAL-OVAL13923
OVAL-OVAL13934
OVAL-OVAL13959
OVAL-OVAL13971
OVAL-OVAL14061
OVAL-OVAL14092
OVAL-OVAL14101
OVAL-OVAL14105
OVAL-OVAL14144
OVAL-OVAL14208
OVAL-OVAL14210
OVAL-OVAL14237
OVAL-OVAL14276
OVAL-OVAL14282
OVAL-OVAL14288
OVAL-OVAL14321
OVAL-OVAL14350
OVAL-OVAL14351
OVAL-OVAL14453
OVAL-OVAL14503
OVAL-OVAL14521
OVAL-OVAL19355
OVAL-OVAL19431
OVAL-OVAL19452
OVAL-OVAL6445
OVAL-OVAL7017
OVAL-OVAL7092
OVAL-OVAL7315
OVAL-OVAL7478
OVAL-OVAL7967
OVAL-OVAL7973
OVAL-OVAL8366
OVAL-OVAL8535
OVAL-OVAL9855
OVAL-OVAL9877
OVAL-OVAL9896
OVAL-OVAL9899
OVAL-OVAL9974
REDHAT-RHSA-2010:0119
REDHAT-RHSA-2010:0130
REDHAT-RHSA-2010:0155
REDHAT-RHSA-2010:0165
REDHAT-RHSA-2010:0167
REDHAT-RHSA-2010:0337
REDHAT-RHSA-2010:0338
REDHAT-RHSA-2010:0339
REDHAT-RHSA-2010:0383
REDHAT-RHSA-2010:0471
REDHAT-RHSA-2010:0489
REDHAT-RHSA-2010:0580
REDHAT-RHSA-2010:0582
REDHAT-RHSA-2010:0768
REDHAT-RHSA-2010:0770
REDHAT-RHSA-2010:0786
REDHAT-RHSA-2010:0807
REDHAT-RHSA-2010:0865
REDHAT-RHSA-2010:0986
REDHAT-RHSA-2010:0987
REDHAT-RHSA-2011:0880
SUSE-SUSE-SA:2009:057
SUSE-SUSE-SA:2009:063
SUSE-SUSE-SA:2010:061
SUSE-SUSE-SR:2010:008
XF-54158
XF-54805
XF-55855
XF-55856
XF-55857
XF-57346

Solution

suserpm-upgrade-apache-jakarta-tomcat-connectors

Related Vulnerabilities

RHSA-2011:1219: samba security update
SUSE Linux Security Advisory: SUSE-SU-2014:1100-1
OS X update for Tomcat (CVE-2009-2901)
VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0088)
CESA-2010:0586: java-1.4.2-ibm-sap security update
VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0842)
VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2009-2902)
MFSA2009-71: Firefox GeckoActiveXObj COM-Object Enumeration Vulnerability
RHSA-2010:0489: java-1.5.0-ibm security update
USN-874-1: Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities
USN-860-1: Apache vulnerabilities
Sun Patch: NSS_NSPR_JSS 3.21: NSPR 4.11 / NSS 3.21 / JSS 4.3.2
CESA-2010:0987: java-1.6.0-ibm security and bug fix update
MFSA2009-67 Thunderbird: Integer overflow, crash in libtheora video library (CVE-2009-3389)
SUSE Linux Security Vulnerability: CVE-2010-0847
Apple Java security update for CVE-2010-0849
AIX 6.1 - ssl_advisory : AIX_OpenSSL_session_renegotiation_vulnerability (APAR N/A)
ELSA-2011-1219 Moderate: Oracle Linux samba security update
VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0846)
SUSE Linux Security Vulnerability: CVE-2010-0087
Java CPU March 2010 Sound vulnerability (CVE-2010-0843)
VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0082)
SUSE Linux Security Advisory: SUSE-SA:2009:063
Sun Patch: NSS_NSPR_JSS 3.21 Solaris_x86: NSPR 4.11 / NSS 3.21 / JSS 4.3.2 Ma
SUSE Linux Security Vulnerability: CVE-2010-0849
SUSE Linux Security Vulnerability: CVE-2010-0085
Apple Java security update for CVE-2010-0084
SUSE Linux Security Advisory: SUSE-SR:2010:019
SUSE Linux Security Vulnerability: CVE-2010-0846
USN-927-4: nss vulnerability
SUSE Linux Security Vulnerability: CVE-2010-0840
Java CPU March 2010 Java Web Start, Java Plug-in vulnerability (CVE-2010-0089)
ELSA-2012-0518 Important: Oracle Linux openssl security update
CESA-2010:0770: java-1.6.0-sun security update
SUSE Linux Security Vulnerability: CVE-2009-3981
RHSA-2010:0770: java-1.6.0-sun security update
ELSA-2010-0165 Moderate: Enterprise Linux nss security update
Apple Java security update for CVE-2010-0092
CESA-2010:0162: openssl security update
SUSE Linux Security Vulnerability: CVE-2010-0090
MFSA2009-65 Firefox: Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16) (CVE-2009-3982)
MFSA2009-65 Thunderbird: Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16) (CVE-2009-3979)
Apple Java security update for CVE-2010-0841
SUSE Linux Security Vulnerability: CVE-2010-0838
CESA-2010:0154: thunderbird security update
Sun Patch: SunOS 5.10_x86: Oracle Java Web Console 3.1 Patch
VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0841)
JRE Java TLS Renegotiation Vulnerability
RHSA-2010:0153: thunderbird security update
Samba CVE-2010-0926: Change parameter "wide links" to default to "no"
CESA-2010:0153: thunderbird security update
Java CPU March 2010 Java Runtime Environment vulnerability (CVE-2010-0093)
RHSA-2010:0574: java-1.4.2-ibm security update
AIX 5.1 - ssl_advisory : AIX_OpenSSL_session_renegotiation_vulnerability (APAR N/A)
CESA-2010:0807: java-1.5.0-ibm security update
AIX OpenSSL session renegotiation vulnerability -AIX 5.1
CESA-2010:0339: java-1.6.0-openjdk security update
RHSA-2010:0602: Red Hat Certificate System 7.3 security update
RHSA-2009:1454: tomcat5 security update
SUSE Linux Security Advisory: SUSE-SR:2010:011
CESA-2010:0338: java-1.5.0-sun security update
SUSE Linux Security Vulnerability: CVE-2010-0839
SUSE Linux Security Advisory: SUSE-SR:2009:012
SUSE Linux Security Vulnerability: CVE-2010-0091
Apple Java security update for CVE-2010-0087
AIX OpenSSL session renegotiation vulnerability -AIX 5.2
RHSA-2010:0693: tomcat5 security update
RHSA-2010:0807: java-1.5.0-ibm security update
Sun Patch: NSS_NSPR_JSS 3.21_x86: NSPR 4.11 / NSS 3.21 / JSS 4.3.2
RHSA-2009:1146: JBoss Enterprise Application Platform 4.3.0.CP05 update
Sun Patch: Sun GlassFish Enterprise Server 2.1.1 Patch16 (v2.1 patch22) (9.1_
Apache Tomcat: Low: Insecure partial deploy after failed undeploy (CVE-2009-2901)
Java CPU March 2010 Java Web Start, Java Plug-in vulnerability (CVE-2010-0087)
Sun Patch: StarOffice 8 (Solaris): Update 18
HP Systems Insight Manager - HPSBMA02547 (CVE-2010-0840): HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
RHSA-2010:0865: java-1.6.0-openjdk security and bug fix update
SUSE Linux Security Vulnerability: CVE-2009-3987
CESA-2010:0865: java-1.6.0-openjdk security and bug fix update
MFSA2009-69 Firefox: Location bar spoofing vulnerabilities (CVE-2009-3985)
Java CPU March 2010 Java Runtime Environment vulnerability (CVE-2010-0840)
Java CPU March 2010 ImageIO vulnerability (CVE-2010-0846)
VMSA-2012-0001: ESX third party update for Service Console samba RPMs (CVE-2010-0547)
Sun Patch: StarSuite 8 (Solaris): Update 18
ELSA-2012-0313 Low: Oracle Linux samba security, bug fix, and enhancement update
Sun Patch: StarSuite 8 (Solaris_x86): Update 18
MFSA2010-22 SeaMonkey: Update NSS to support TLS renegotiation indication (CVE-2009-3555)
SUSE Linux Security Vulnerability: CVE-2009-3985
RHSA-2010:0130: java-1.5.0-ibm security update
Apple Java security update for CVE-2010-0838
ELSA-2010-0163 Moderate: Enterprise Linux openssl security update
MFSA2009-70 SeaMonkey: Privilege escalation via chrome window.opener (CVE-2009-3986)
VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2009-2693)
CESA-2010:0164: openssl097a security update
CESA-2011:1219: samba security update
VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0087)
USN-1010-1: OpenJDK vulnerabilities
Apache Tomcat: Low: Unexpected file deletion in work directory (CVE-2009-2902)
RHSA-2009:1164: tomcat security update
OpenSSL RFC5746 SSL/TLS renegotiation (CVE-2009-3555)
USN-788-1: Tomcat vulnerabilities

THREAT EXPOSURE MANAGEMENT

INCIDENT DETECTION & RESPONSE

CYBER SECURITY SERVICES

MANAGED SERVICES FOR PRODUCTS

TRAINING & CERTIFICATION

Community & Blog

Retail Store

Reviews

Free Downloads

Videos & Media

Papers / Guides

All resources

Company

Buzz

Engage with us

Customers