| Beschreibung: | Description:
The remote host is missing updates announced in
advisory TSLSA-2005-0070.
kernel < TSL 3.0 >
- New Upstream.
- SECURITY Fix: Memory leak in the VFS file lease handling in locks.c
allows local users to cause a denial of service via certain Samba
activities that cause an fasync entry to be re-allocated by the
fcntl_setlease function after the fasync queue has already been
cleaned by the locks_delete_lock function.
- The auto-reap of child processes in Linux kernel 2.6 includes
processes with ptrace attached, which leads to a dangling ptrace
reference and allows local users to cause a denial of service (crash).
- The time_out_leases function in locks.c allows local users to cause a
denial of service (kernel log message consumption) by causing a large
number of broken leases, which is recorded to the log using the printk
function.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2005-3807, CVE-2005-3784 and CVE-2005-3857 to
these issues.
perl < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Integer overflow in the format string functionality
(Perl_sv_vcatpvfn) allows attackers to overwrite arbitrary memory and
possibly execute arbitrary code via format string specifiers with
large values.
The Common Vulnerabilities and Exposures project has assigned the
name CVE-2005-3962 to this issue.
Solution:
Update your system with the packages as indicated in
the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0070
Risk factor : Medium
CVSS Score:
4.9
|
