Slackware Local Security Checks : Slackware: Security Advisory (SSA:2012-257-02)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72179

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2012-257-02)

Resumen: The remote host is missing an update for the 'patch' package(s) announced via the SSA:2012-257-02 advisory.

Descripción: Summary:
The remote host is missing an update for the 'patch' package(s) announced via the SSA:2012-257-02 advisory.

Vulnerability Insight:
New patch packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
and -current to fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/patch-2.7-i486-1_slack13.37.txz: Upgraded.
This version of patch ignores destination filenames that are absolute or
that contain a component of '..', unless such a filename is provided as
an argument.
For more information, see:
[link moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'patch' package(s) on Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4651
43663
http://secunia.com/advisories/43663
43677
http://secunia.com/advisories/43677
46768
http://www.securityfocus.com/bid/46768
ADV-2011-0600
http://www.vupen.com/english/advisories/2011/0600
APPLE-SA-2011-06-23-1
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
FEDORA-2011-1269
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html
FEDORA-2011-1272
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html
[bug-patch] 20101230 Directory traversal vulnerability in patch (or dpkg-source) (fwd)
http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html
[oss-security] 20110105 CVE request: patch directory traversal flaw
http://openwall.com/lists/oss-security/2011/01/05/10
[oss-security] 20110106 Re: CVE request: patch directory traversal flaw
http://openwall.com/lists/oss-security/2011/01/06/19
http://openwall.com/lists/oss-security/2011/01/06/20
http://openwall.com/lists/oss-security/2011/01/06/21
http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1
http://support.apple.com/kb/HT4723
https://bugzilla.redhat.com/show_bug.cgi?id=667529

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72179
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2012-257-02)
Resumen:	The remote host is missing an update for the 'patch' package(s) announced via the SSA:2012-257-02 advisory.
Descripción:	Summary: The remote host is missing an update for the 'patch' package(s) announced via the SSA:2012-257-02 advisory. Vulnerability Insight: New patch packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/patch-2.7-i486-1_slack13.37.txz: Upgraded. This version of patch ignores destination filenames that are absolute or that contain a component of '..', unless such a filename is provided as an argument. For more information, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'patch' package(s) on Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware current. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4651 43663 http://secunia.com/advisories/43663 43677 http://secunia.com/advisories/43677 46768 http://www.securityfocus.com/bid/46768 ADV-2011-0600 http://www.vupen.com/english/advisories/2011/0600 APPLE-SA-2011-06-23-1 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html FEDORA-2011-1269 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html FEDORA-2011-1272 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html [bug-patch] 20101230 Directory traversal vulnerability in patch (or dpkg-source) (fwd) http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html [oss-security] 20110105 CVE request: patch directory traversal flaw http://openwall.com/lists/oss-security/2011/01/05/10 [oss-security] 20110106 Re: CVE request: patch directory traversal flaw http://openwall.com/lists/oss-security/2011/01/06/19 http://openwall.com/lists/oss-security/2011/01/06/20 http://openwall.com/lists/oss-security/2011/01/06/21 http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1 http://support.apple.com/kb/HT4723 https://bugzilla.redhat.com/show_bug.cgi?id=667529
Copyright	Copyright (C) 2012 Greenbone AG