Description:
The remote host is missing updates announced in advisory TSLSA-2004-0054.
libtiff: Chris Evans and Dmitry V. Levin discovered some security holes in libtiff.
CVE-2004-0803 Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution.
CVE-2004-0886 Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result in either a plain crash or memory corruption.
mysql: Martin Schulze pointed to several issues that had been fixed in the upstream mysql source.
CVE-2004-0835 Oleksandr Byelkin noticed that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one.
CVE-2004-0836 Lukasz Wojtow noticed a buffer overrun in the mysql_real_connect function.
CVE-2004-0837 Dean Ellis noticed that multiple threads ALTERing the same (or different) MERGE tables to change the UNION can cause the server to crash or stall.
Issues with no CVE number:
Crash with MATCH..AGAINST (denial of service) http://bugs.mysql.com/bug.php?id=3870
Privilege Escalation on GRANT ALL ON `Foo\_Bar`
Changelog: Fixed bug in privilege checking where, under some conditions, one was able to grant privileges on the database he has no privileges on.
http://bugs.mysql.com/bug.php?id=3933
http://mysql.bkbits.net:8080/mysql-4.0/patch@1.1844.5.1
squid: iDefense reported that remote exploitation of a design error in the SNMP module of Squid Web Proxy Cache may lead to a denial of service. For a thorough description, see iDEFENSE Security Advisory 10.11.04: http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities
cyrus-sasl: A packaging bug in our cyrus-sasl package failed to properly mark /etc/sysconfig/saslauthd as a config file. This caused the file to be replaced on package upgrades.
People upgrading this package should back up this file before upgrading:
# cp /etc/sysconfig/saslauthd /etc/sysconfig/saslauthd.bak
# swup --upgrade
# mv /etc/sysconfig/saslauthd.bak /etc/sysconfig/saslauthd
Solution: Update your system with the packages as indicated in the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2004-0054
Risk factor : Critical
CVSS Score: 10.0