Test Kennung:	1.3.6.1.4.1.25623.1.0.880596
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for cpp CESA-2010:0039 centos5 i386
Zusammenfassung:	The remote host is missing an update for the 'cpp'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'cpp' package(s) announced via the referenced advisory. Vulnerability Insight: The gcc and gcc4 packages include, among others, C, C++, and Java GNU compilers and related support libraries. libgcj contains a copy of GNU Libtool's libltdl library. A flaw was found in the way GNU Libtool's libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory. In certain configurations, if a local attacker is able to trick a local user into running a Java application (which uses a function to load native libraries, such as System.loadLibrary) from within an attacker-controlled directory containing a malicious library or module, the attacker could possibly execute arbitrary code with the privileges of the user running the Java application. (CVE-2009-3736) All gcc and gcc4 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running Java applications using libgcj must be restarted for this update to take effect. Affected Software/OS: cpp on CentOS 5 Solution: Please install the updated packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3736 BugTraq ID: 37128 http://www.securityfocus.com/bid/37128 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html http://security.gentoo.org/glsa/glsa-201311-10.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:307 http://www.mandriva.com/security/advisories?name=MDVSA-2010:035 http://www.mandriva.com/security/advisories?name=MDVSA-2010:091 http://www.mandriva.com/security/advisories?name=MDVSA-2010:105 http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951 http://www.redhat.com/support/errata/RHSA-2010-0039.html RedHat Security Advisories: RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html http://secunia.com/advisories/37414 http://secunia.com/advisories/37489 http://secunia.com/advisories/37997 http://secunia.com/advisories/38190 http://secunia.com/advisories/38577 http://secunia.com/advisories/38617 http://secunia.com/advisories/38696 http://secunia.com/advisories/38915 http://secunia.com/advisories/39299 http://secunia.com/advisories/39347 http://secunia.com/advisories/43617 http://secunia.com/advisories/55721 SuSE Security Announcement: SUSE-SR:2010:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://www.vupen.com/english/advisories/2011/0574
Copyright	Copyright (c) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.