NeXpose Release November 29, 2010 (Content)

Document created by techeditor on Apr 8, 2011
Version 1

This release is a content update.

 

  • Content updates include new checks for vulnerabilities, patch verification, and compliance with security policies.
  • Product updates include performance improvements, bug fixes, and new features.

 

CVSS scoring improvements


  • The product now assigns the appropriate CVSS score for a vulnerability related to MD5 signatures for site certificates, so that you have accurate data for prioritizing remediation.
  • More accurate CVSS scores for Solaris checks provide a better view of your security posture.

 

New checks


  • The product now expands check coverage to VMware ESX 3.5 and ESXi 3.5.
  • The product now adds Red Hat Enterprise Linux 6 checks to RHEL coverage.
  • A new check detects CVE-2008-1678, an OpenSSL vulnerability that allows remote attackers to cause a denial of service (DoS) on target systems through memory consumption.

 

Bi-monthly vulnerability check update


  • New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:
    o Adobe Flash
    o Adobe Reader
    o Apache
    o Apple QuickTime
    o CentOS
    o Cisco devices
    o Mozilla Firefox
    o OpenSSL
    o PHP
    o Red Hat Enterprise Linux
    o Solaris
    o VMware

    These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

 

List of checks


  • CESA-2010:0893: kernel security and bug fix update
  • RHSA-2010:0865: java-1.6.0-openjdk security and bug fix update
  • RHSA-2010:0873: java-1.5.0-ibm security update
  • RHSA-2010:0893: kernel security and bug fix update
  • VMSA-2008-0009.2: Openwsman Invalid Content-Length Vulnerability (CVE-2008-2097)
  • VMSA-2008-0009.2: Security update (CVE-2008-0062)
  • VMSA-2008-0009.2: Security update (CVE-2008-0888)
  • VMSA-2008-0009.2: Security update (CVE-2008-0948)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5689)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2008-0657)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2008-1185)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2008-1186)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2008-1188)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2008-1190)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2008-1193)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2008-1195)
  • VMSA-2008-0013.4: net-snmp Security update (CVE-2008-0960)
  • VMSA-2008-0016.3: Update for VirtualCenter (CVE-2008-3103)
  • VMSA-2008-0016.3: Update for VirtualCenter (CVE-2008-3107)
  • VMSA-2008-0016.3: Update for VirtualCenter (CVE-2008-3108)
  • VMSA-2008-0016.3: Update for VirtualCenter (CVE-2008-3111)
  • VMSA-2008-0016.3: Update for VirtualCenter (CVE-2008-3112)
  • VMSA-2008-0016.3: Update for VirtualCenter (CVE-2008-3113)
  • VMSA-2008-0017.2: Updated ESX Service Console package libxml2 (CVE-2008-3529)
  • VMSA-2008-0018: A privilege escalation (CVE-2008-4281)
  • VMSA-2009-0001.1: Updated Service Console package libxml2 (CVE-2008-4226)
  • VMSA-2009-0004.3: Updated vim package (CVE-2008-2712)
  • VMSA-2009-0004.3: Updated vim package (CVE-2008-4101)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-2086)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5340)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5352)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5353)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5354)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5355)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5356)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5357)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5358)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5359)
  • VMSA-2010-0015.1: Service Console update (CVE-2009-3245)
  • VMSA-2010-0016: Likewise package updates (CVE-2009-0846)
  • VMSA-2010-0016: Likewise package updates (CVE-2009-4212)
  • APSB10-28: Adobe Reader authplay.dll arbitrary code execution via crafted SWF content (CVE-2010-3654)
  • APSB10-28: Adobe Reader EScript.api plugin arbitrary code execution via crafted PDF documents (CVE-2010-4091)
  • RHSA-2010:0834: flash-plugin security update
  • RHSA-2010:0861: firefox security update
  • RHSA-2010:0867: flash-plugin security update
  • RHSA-2010:0896: thunderbird security update
  • VMSA-2008-0016.3: Update for VirtualCenter (CVE-2008-3105)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5343)
  • VMSA-2010-0013.2: Service Console update (CVE-2010-1447)
  • VMSA-2008-0009.2: VMware VIX Application Programming Interface (API) Memory Overflow (CVE-2008-2100)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5237)
  • VMSA-2008-0016.3: Update for VirtualCenter (CVE-2008-3109)
  • VMSA-2008-0016.3: Update for VirtualCenter (CVE-2008-3115)
  • VMSA-2008-0019.1: Denial of service guest to host vulnerability (CVE-2008-4917)
  • VMSA-2009-0001.1: Updated Service Console package libxml2 (CVE-2008-4225)
  • VMSA-2009-0005: Denial of service guest to host vulnerability (CVE-2008-4917)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5344)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5345)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5346)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5347)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5348)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5349)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5351)
  • VMSA-2009-0014.3: Mishandled exception (CVE-2008-2136)
  • VMSA-2009-0014.3: Mishandled exception (CVE-2008-2812)
  • VMSA-2009-0014.3: Mishandled exception (CVE-2008-3525)
  • VMSA-2010-0010: Service Console update (CVE-2009-1385)
  • VMSA-2010-0010: Service Console update (CVE-2009-1895)
  • VMSA-2010-0010: Service Console update (CVE-2009-2692)
  • VMSA-2010-0010: Service Console update (CVE-2009-2698)
  • VMSA-2010-0013.2: Service Console update (CVE-2007-4476)
  • VMSA-2010-0013.2: Service Console update (CVE-2010-1168)
  • VMSA-2010-0013.2: Service Console update (CVE-2010-2063)
  • VMSA-2010-0016: Service Console OS update (CVE-2010-1087)
  • RHSA-2010:0842: kernel security and bug fix update
  • VMSA-2008-0009.2: Privilege escalation (CVE-2008-0967)
  • VMSA-2008-0009.2: Security update (CVE-2008-0553)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5342)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2008-1187)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2008-1189)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2008-1191)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2008-1192)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2008-1196)
  • VMSA-2008-0013.4: net-snmp Security update (CVE-2008-2292)
  • VMSA-2008-0014.3: update to bind (CVE-2008-1447)
  • VMSA-2008-0016.3: Privilege escalation (CVE-2008-4279)
  • VMSA-2008-0016.3: Update for VirtualCenter (CVE-2008-3104)
  • VMSA-2008-0018: A privilege escalation (CVE-2008-4915)
  • VMSA-2009-0004.3: Updated vim package (CVE-2007-2953)
  • VMSA-2009-0004.3: Updated vim package (CVE-2008-3432)
  • VMSA-2009-0006: Host code execution vulnerability (CVE-2009-1244)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5360)
  • VMSA-2009-0014.3: Mishandled exception (CVE-2007-6063)
  • VMSA-2010-0010: Service Console update (CVE-2009-3547)
  • VMSA-2010-0013.2: Service Console update (CVE-2008-5302)
  • VMSA-2010-0013.2: Service Console update (CVE-2008-5303)
  • VMSA-2010-0013.2: Service Console update (CVE-2010-0624)
  • VMSA-2010-0013.2: Service Console update (CVE-2010-1321)
  • VMSA-2010-0015.1: Service Console update (CVE-2009-2409)
  • VMSA-2010-0015.1: Service Console update (CVE-2009-3767)
  • VMSA-2010-0015.1: Service Console update (CVE-2010-0734)
  • VMSA-2010-0015.1: Service Console update (CVE-2010-1646)
  • VMSA-2010-0016: Likewise package updates (CVE-2010-1321)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5236)
  • VMSA-2010-0015.1: Service Console update (CVE-2009-3555)
  • VMSA-2010-0016: Likewise package updates (CVE-2009-0844)
  • VMSA-2010-0016: Service Console OS update (CVE-2010-1088)
  • CESA-2010:0839: kernel security and bug fix update
  • CESA-2010:0889: freetype security update
  • CESA-2010:0894: systemtap security update
  • CESA-2010:0895: systemtap security update
  • OpenSSL CRYPTO_cleanup_all_ex_data denial of service (CVE-2008-1678)
  • RHSA-2010:0837: rhpki security and enhancement update
  • RHSA-2010:0838: pki security and enhancement update
  • RHSA-2010:0839: kernel security and bug fix update
  • RHSA-2010:0858: bzip2 security update
  • RHSA-2010:0889: freetype security update
  • RHSA-2010:0894: systemtap security update
  • RHSA-2010:0895: systemtap security update
  • Sun Patch: Sun Management Center 4.0: Patch for Solaris 8
  • Sun Patch: Sun Management Center 4.0: Patch for Solaris 9
  • Sun Patch: Sun Management Center 4.0: Patch for Solaris 9_x86
  • Sun Patch: SunOS 5.10: dls patch
  • Sun Patch: SunOS 5.10: Firefox 3 patch
  • Sun Patch: SunOS 5.10: kernel patch
  • Sun Patch: SunOS 5.10: Thunderbird patch
  • Sun Patch: SunOS 5.10_x86: dls patch
  • Sun Patch: SunOS 5.10_x86: Firefox 3 patch
  • Sun Patch: SunOS 5.10_x86: kernel patch
  • Sun Patch: SunOS 5.10_x86: Thunderbird patch
  • VMSA-2008-0009.2: Security update (CVE-2007-5378)
  • VMSA-2008-0009.2: Security update (CVE-2008-0063)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5232)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5239)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5240)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5333)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-6286)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2008-1194)
  • VMSA-2008-0013.4: perl Security update (CVE-2008-1927)
  • VMSA-2008-0014.3: Third Party Library libpng Updated to 1.2.29 (CVE-2007-5269)
  • VMSA-2008-0016.3: Update for VirtualCenter (CVE-2008-3106)
  • VMSA-2008-0016.3: Update for VirtualCenter (CVE-2008-3110)
  • VMSA-2008-0016.3: Update for VirtualCenter (CVE-2008-3114)
  • VMSA-2008-0017.2: Updated ESX Service Console package libxml2 (CVE-2008-3281)
  • VMSA-2008-0019.1: Updated Service Console package bzip2 (CVE-2008-1372)
  • VMSA-2009-0001.1: Directory Traversal vulnerability (CVE-2008-4914)
  • VMSA-2009-0001.1: Updated Service Console package net-snmp (CVE-2008-4309)
  • VMSA-2009-0004.3: Update bind package (CVE-2009-0025)
  • VMSA-2009-0005: Denial of service guest to host vulnerability (CVE-2008-4916)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5339)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5341)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5342)
  • VMSA-2009-0014.3: JRE Security Update (CVE-2008-5350)
  • VMSA-2009-0014.3: Mishandled exception (CVE-2008-0598)
  • VMSA-2009-0014.3: Mishandled exception (CVE-2008-3275)
  • VMSA-2009-0014.3: Mishandled exception (CVE-2008-4210)
  • VMSA-2009-0015: Directory Traversal vulnerability (CVE-2008-4914)
  • VMSA-2009-0015: Directory Traversal vulnerability (CVE-2009-3733)
  • VMSA-2010-0003.1: Service Console package net-snmp updated (CVE-2009-1887)
  • VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-2277)
  • VMSA-2010-0005: WebAccess Virtual Machine Name Cross-site Scripting Vulnerability (CVE-2010-1137)
  • VMSA-2010-0010: Service Console update (CVE-2008-5029)
  • VMSA-2010-0010: Service Console update (CVE-2008-5300)
  • VMSA-2010-0010: Service Console update (CVE-2009-1337)
  • VMSA-2010-0010: Service Console update (CVE-2009-2848)
  • VMSA-2010-0010: Service Console update (CVE-2009-3002)
  • VMSA-2010-0015.1: Service Console update (CVE-2010-0433)
  • VMSA-2010-0016: Likewise package updates (CVE-2009-0845)
  • VMSA-2010-0016: Service Console OS update (CVE-2010-0291)
  • VMSA-2010-0016: Service Console OS update (CVE-2010-0307)
  • VMSA-2010-0016: Service Console OS update (CVE-2010-0415)
  • RHSA-2010:0862: nss security update
  • RHSA-2010:0890: pidgin security update
  • VMSA-2008-0009.2: Security update (CVE-2007-4772)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5461)
  • VMSA-2009-0007: VMware Descheduled Time Accounting driver vulnerability (CVE-2009-1805)
  • VMSA-2010-0013.2: Service Console update (CVE-2005-4268)
  • VMSA-2008-0009.2: Security update (CVE-2006-1721)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5238)
  • VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5274)
  • VMSA-2008-0014.3: VMware Consolidated Backup (VCB) command-line utilities may expose (CVE-2008-2101)
  • VMSA-2010-0016: Service Console OS update (CVE-2010-0622)
  • VMSA-2010-0015.1: Service Console update (CVE-2010-0826)
  • VMSA-2010-0016: Service Console OS update (CVE-2010-1437)
