| Beschreibung: | Description:
The remote host is missing updates announced in
advisory TSLSA-2006-0006.
fcron < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Adam Zabrocki and Karol Wiesek has reported vulnerabilities
in fcron, which can be exploited by malicious, local users to gain
escalated privileges. The issue exits in convert-fcrontab when handling
an overly long username supplied via the command line and due to missing
validation of username. (SA18719)
kernel < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Linux kernel before 2.6.15.3 down to 2.6.12, while
constructing an ICMP response, does not properly handle when the
ip_options_echo function in icmp.c fails, which allows remote attackers
to cause a denial of service (crash) via vectors such as (1) record-route
and (2) timestamp IP options with the needaddr bit set and a truncated
value.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2006-0454 to this issue.
- SECURITY Fix: Linus Torvalds: Fix outstanding gzip/zlib security issues.
- SECURITY Fix: Disallows local users to write to privileged IO ports
via OUTS instruction isofs driver ignore parameters.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0204 to this issue.
unzip < TSL 3.0 > < TSL 2.2 >
- SECURITY Fix: Fixes Buffer overflow vulnerability which allows local
users to execute arbitrary code via a long filename command line argument.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-4667 to this issue.
Solution:
Update your system with the packages as indicated in
the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0006
Risk factor : Medium
CVSS Score:
5.0
|
