| Beschreibung: | Description:
The remote host is missing updates announced in
advisory TSLSA-2006-0032.
kernel < TSL 3.0 >
- New Upstream.
- SECURITY Fix: Pavel Kankovsky discovered that the getsockopt()
function, when called with an SO_ORIGINAL_DST argument, does not
properly clear the returned structure, so that a random piece of
kernel memory is exposed to the user. This could potentially
reveal sensitive data like passwords or encryption keys.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2006-1343 to this issue.
postgresql < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream.
- SECURITY Fix: Akio Ishida and Yasuo Ohgaki have reported vulnerabilities
in PostgreSQL, which potentially can be exploited by malicious people
to conduct SQL injection attacks.
- The first issue is due to an input validation error when handling a
parameter containing invalidly-encoded multibyte characters, which
could be exploited by malicious people to bypass standard string-escaping
methods and conduct SQL injection attacks via a supposedly secure script.
- The second issue is due to an error when escaping ASCII single quote '
characters (by turning them into \') and operating in multibyte
encodings that allow using the 0x5c ASCII code (backslash) as the
trailing byte of a multibyte character, which could be exploited by
attackers to inject arbitrary SQL queries.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-2313 and CVE-2006-2314 to these issues.
Solution:
Update your system with the packages as indicated in
the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0032
Risk factor : High
CVSS Score:
7.5
|
