Description:
The remote host is missing updates announced in advisory TSLSA-2006-0006.
fcron < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: Adam Zabrocki and Karol Wiesek have reported vulnerabilities in fcron, which can be exploited by malicious, local users to gain escalated privileges. The issue exists in convert-fcrontab when handling an overly long username supplied via the command line and is due to missing validation of the username. (SA18719)
kernel < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of service (crash) via vectors such as (1) record-route and (2) timestamp IP options with the needaddr bit set and a truncated value.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-0454 to this issue.
- SECURITY Fix: Linus Torvalds: Fix outstanding gzip/zlib security issues.
- SECURITY Fix: Disallows local users to write to privileged IO ports via OUTS instruction isofs driver ignore parameters.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0204 to this issue.
unzip < TSL 3.0 > < TSL 2.2 > - SECURITY Fix: Fixes a buffer overflow vulnerability that allows local users to execute arbitrary code via a long filename command line argument.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-4667 to this issue.
Solution: Update your system with the packages as indicated in the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0006
Risk factor: Medium
CVSS Score: 5.0