NeXpose Release December 27, 2010 (Content)

Document created by techeditor on Apr 7, 2011
Version 1

This release is a content update.


  • Content updates include new checks for vulnerabilities, patch verification, and compliance with security policies.
  • Product updates include performance improvements, bug fixes, and new features.


Correct handling of MySQL solutions

  • Correct handling of solutions for vulnerabilities related to the MySQL database system ensures that you have the information you need to remediate these security holes.


Bi-monthly vulnerability check update

  • New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:
    o Adobe Flash
    o Adobe Reader
    o Apache
    o Apple QuickTime
    o CentOS
    o Cisco devices
    o Mozilla Firefox
    o OpenSSL
    o PHP
    o Red Hat Enterprise Linux
    o Solaris
    o VMware
    These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.


List of checks

  • CentOS Linux Obsolete Version
  • CESA-2010:0898: kvm security update
  • CESA-2010:0950: apr-util security update
  • CESA-2010:0966: firefox security update
  • CESA-2010:0967: seamonkey security update
  • CESA-2010:0968: thunderbird security update
  • CESA-2010:0970: exim security update
  • CESA-2010:0976: bind security update
  • CESA-2010:0977: openssl security update
  • CESA-2010:0978: openssl security update
  • CESA-2010:0981: HelixPlayer removal
  • CESA-2010:0986: java-1.4.2-ibm-sap security update
  • MFSA2010-74: Miscellaneous memory safety hazards (rv: (CVE-2010-3776)
  • MFSA2010-75: Buffer overflow while line breaking after document.write with long string (CVE-2010-3769)
  • MFSA2010-76: Chrome privilege escalation with and <isindex> element (CVE-2010-3771)
  • MFSA2010-77: Crash and remote code execution using HTML tags inside a XUL tree (CVE-2010-3772)
  • MFSA2010-78: Add support for OTS font sanitizer (CVE-2010-3768)
  • MFSA2010-79: Java security bypass from LiveConnect loaded via data: URL meta refresh (CVE-2010-3775)
  • MFSA2010-80: Use-after-free error with nsDOMAttribute MutationObserver (CVE-2010-3766)
  • MFSA2010-81: Integer overflow vulnerability in NewIdArray (CVE-2010-3767)
  • MFSA2010-82: Incomplete fix for CVE-2010-0179 (CVE-2010-3773)
  • MFSA2010-83: Location bar SSL spoofing using network error page (CVE-2010-3774)
  • MFSA2010-84: XSS hazard in multiple character encodings (CVE-2010-3770)
  • MS10-106: Vulnerability in Microsoft Exchange Server Could Allow Denial of Service
  • PHP Fixed crashes on invalid parameters in intl extension
  • PHP Fixed MOPS-2010-24
  • PHP Fixed NULL pointer dereference in ZipArchive::getArchiveComment
  • PHP Fixed possible flaw in open_basedir
  • PHP mb_strcut() returns garbage with the excessive length parameter
  • PHP possible double free in imap extension
  • PHP Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data
  • PHP utf8_decode vulnerabilities and deficiencies in the number of reported malformed sequences
  • Red Hat Enterprise Linux Obsolete Version
  • RHSA-2010:0950: apr-util security update
  • RHSA-2010:0958: kernel-rt security and bug fix update
  • RHSA-2010:0959: JBoss Enterprise Application Platform 5.1.0 security and bug fix update
  • RHSA-2010:0960: JBoss Enterprise Application Platform 5.1.0 security and bug fix update
  • RHSA-2010:0964: jboss-remoting security update
  • RHSA-2010:0966: firefox security update
  • RHSA-2010:0967: seamonkey security update
  • RHSA-2010:0968: thunderbird security update
  • RHSA-2010:0969: thunderbird security update
  • RHSA-2010:0970: exim security update
  • RHSA-2010:0976: bind security update
  • RHSA-2010:0977: openssl security update
  • RHSA-2010:0978: openssl security update
  • RHSA-2010:0981: HelixPlayer removal
  • RHSA-2010:0986: java-1.4.2-ibm-sap security update
  • RHSA-2010:0987: java-1.6.0-ibm security and bug fix update