NeXpose Release March 7, 2011 (Content)

Document created by techeditor on Apr 8, 2011
Version 1

This 2011-03-07 release is a content update.

 

  • Content updates include new checks for vulnerabilities, patch verification, and compliance with security policies.
  • Product updates include performance improvements, bug fixes, and new features.

 

More accurate results for Windows 7, Vista, and 2008


Scan results are more accurate for Windows 7, Windows Vista, and Windows 2008, so that you can have more confidence in your security assessment of these operating systems.

 

Proper display of PHP flaws in reports


A bug fix ensures that solution information for PHP-related vulnerabilities appears properly in reports, so that you can remediate these flaws.

 

Bi-monthly vulnerability check update


New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

 

  • Adobe Flash
  • Adobe Reader
  • Apache
  • Apple QuickTime
  • CentOS
  • Cisco devices
  • Java Runtime Environment
  • Mozilla Firefox
  • OpenSSL
  • PHP
  • Red Hat Enterprise Linux
  • Solaris
  • VMware

 

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

 

List of new checks


  • CESA-2011:0214: java-1.6.0-openjdk security update
  • CESA-2011:0257: subversion security update
  • CESA-2011:0260: python security and bug fix update
  • CESA-2011:0261: bash security and bug fix update
  • CESA-2011:0262: sendmail security and bug fix update
  • CESA-2011:0263: CentOS Linux 4.9 kernel security and bug fix update
  • CESA-2011:0279: CentOS Linux Extended Update Support 4.7 6-Month EOL Notice
  • CESA-2011:0281: java-1.6.0-openjdk security update
  • CESA-2011:0299: java-1.4.2-ibm-sap security update
  • MFSA2011-01: Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17) (CVE-2011-0053)
  • MFSA2011-01: Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17) (CVE-2011-0062)
  • MFSA2011-02: Recursive eval call causes confirm dialogs to evaluate to true (CVE-2011-0051)
  • MFSA2011-03: Use-after-free error in JSON.stringify (CVE-2011-0055)
  • MFSA2011-04: Buffer overflow in JavaScript upvarMap (CVE-2011-0054)
  • MFSA2011-05: Buffer overflow in JavaScript atom map (CVE-2011-0056)
  • MFSA2011-06: Use-after-free error using Web Workers (CVE-2011-0057)
  • MFSA2011-07: Memory corruption during text run construction (Windows) (CVE-2011-0058)
  • MFSA2011-08: ParanoidFragmentSink allows javascript: URLs in chrome documents (CVE-2010-1585)
  • MFSA2011-09: Crash caused by corrupted JPEG image (CVE-2011-0061)
  • MFSA2011-10: CSRF risk with plugins and 307 redirects (CVE-2011-0059)
  • RHSA-2011:0210: jbossweb security update
  • RHSA-2011:0214: java-1.6.0-openjdk security update
  • RHSA-2011:0256: dhcp security update
  • RHSA-2011:0257: subversion security update
  • RHSA-2011:0258: subversion security update
  • RHSA-2011:0259: flash-plugin - 1-Month End Of Life Notice
  • RHSA-2011:0260: python security and bug fix update
  • RHSA-2011:0261: bash security and bug fix update
  • RHSA-2011:0262: sendmail security and bug fix update
  • RHSA-2011:0263: Red Hat Enterprise Linux 4.9 kernel security and bug fix update
  • RHSA-2011:0264: rgmanager security and bug fix update
  • RHSA-2011:0265: ccs security update
  • RHSA-2011:0266: fence security, bug fix, and enhancement update
  • RHSA-2011:0279: Red Hat Enterprise Linux Extended Update Support 4.7 6-Month EOL Notice
  • RHSA-2011:0281: java-1.6.0-openjdk security update
  • RHSA-2011:0282: java-1.6.0-sun security update
  • RHSA-2011:0283: kernel security, bug fix, and enhancement update
  • RHSA-2011:0290: java-1.6.0-ibm security update
  • RHSA-2011:0291: java-1.5.0-ibm security update
  • RHSA-2011:0292: java-1.4.2-ibm security update
  • RHSA-2011:0293: Red Hat Directory Server security update
  • RHSA-2011:0299: java-1.4.2-ibm-sap security update
  • RHSA-2011:0300: Red Hat Network Satellite Server security update
  • RHSA-2011:0301: acroread security update
  • Sun Patch: SunOS 5.10: cp, ln, mv, compress, pack, cpio, pax tar patch
  • Sun Patch: SunOS 5.10_x86: cp, ln, mv, compress, pack, cpio, pax tar patch
  • VMSA-2010-0020.1: ESX third party component OpenSSL (CVE-2010-4573)
  • Windows 7 Service Pack 1 Standalone (KB976932) - All Languages
  • Windows 7 Service Pack 1 Standalone for x64-based Systems (KB976932) - All Languages
  • Windows Server 2008 R2 Service Pack 1 Standalone ia64-based Systems (KB976932) - All Languages
  • Windows Server 2008 R2 Service Pack 1 Standalone x64-based Systems (KB976932) - All Languages
