You are here

Home › Oracle Third Party Vulnerability Resolution Blog of March 13, 2013

Oracle Third Party Vulnerability Resolution Blog of March 13, 2013

Submitted on 19. March 2013 - 10:35 by rischi.
Last update on 19. January 2017 - 14:40.
IDs: 
CB-K13/0207 CVE-2011-3970 CVE-2012-2807 CVE-2011-1202 CVE-2012-2825 CVE-2012-2870 CVE-2012-2871 CVE-2012-2893 CVE-2011-3026 CVE-2011-3048 CVE-2010-1634 CVE-2012-2733 CVE-2012-3546 CVE-2012-4431 CVE-2012-4534 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887
Keywords: 
libxslt, libpng, python, tomcat, freetype, gzip, bash
Description: 

Oracle posted information about multiple security fixes on the Oracle Third Party Vulnerability Resolution Blog of March 13, 2013. The majority of the vulnerabilities affect the availablity of software components.

  • libxslt/python/freetype vulnerabilities: CVE-2011-3970, CVE-2012-2807, CVE-2011-1202, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-2893, CVE-2010-1634, CVE-2011-3439, CVE-2011-3256
    Airlock is not affected since the software components are not installed on Airlock.

  • libpng/gzip/bash vulnerabilities: CVE-2011-3026, CVE-2011-3048, CVE-2009-2624, CVE-2012-3410
    The software components are exclusively used in the management zone of Airlock and only accessible to trusted users.

  • Tomcat vulnerabilities: CVE-2012-2733, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
    The vulnerabilities have already been analyzed by the Airlock Security Engineers. The corresponding reports can be found on Techzone (by searching for the CVE number). Airlock is not affected.

Resolution: 

No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required
Reference: 
Oracle Third Party Vulnerability Resolution Blog
Airlock protects Apache Tomcat against DoS
Apache Tomcat
© Ergon Informatik AG