| Beschreibung: | Description:
The remote host is missing updates announced in
advisory TSLSA-2006-0034.
binutils < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: A vulnerability has been identified which could be
exploited by attackers to execute arbitrary code or cause a denial of
service. This flaw is due to a buffer overflow error in the libbfd
library [bfd/tekhex.c] when processing a file containing malformed
a Tektronix Hex Format (TekHex) record, which could be exploited by
attackers to crash an affected application or compromise a vulnerable
system via a malicious file.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2006-2362 to this issue.
mysql < TSL 3.0 > < TSL 2.2 >
- SECURITY Fix: A vulnerability has been reported in MySQL caused due to
an error within the server when parsing a query string that is escaped
with the mysql_real_escape_string() function. This can potentially be
exploited in an environment that uses multi-byte character encoding to
bypass SQL injection escaping.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2006-2753 to this issue.
spamassassin < TSL 3.0 > < TSL 2.2 >
- SECURITY Fix: A vulnerability has been reported in SpamAssassin, which
can be exploited by malicious people to compromise a vulnerable system.
SpamAssassin when running with vpopmail and the paranoid (-P) switch,
allows remote attackers to execute arbitrary commands via a crafted
message that is not properly handled when invoking spamd with the
virtual pop username.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2006-2447 to this issue.
Solution:
Update your system with the packages as indicated in
the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0034
Risk factor : High
CVSS Score:
7.5
|
