Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57307
Category:Trustix Local Security Checks
Title:Trustix Security Advisory TSLSA-2006-0048 (Multiple packages)
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory TSLSA-2006-0048.

imagemagick < TSL 3.0 > < TSL 2.2 >
- New Upstream.
- SECURITY Fix: Tavis Ormandy has reported some vulnerabilities in
ImageMagick, which potentially can be exploited by malicious people
to compromise a vulnerable system.
- Fix boundary errors within the DecodeBitmap() function and the
ReadSUNImage() function in sun.c which can be exploited to cause
heap-based buffer overflows when processing specially crafted
Sun Rasterfile images.
- Fix boundary errors within the XCF image decoder which can be
exploited to cause a stack-based and a heap-based overflow when
processing specially crafted XCF image files.
- Damian Put has discovered a vulnerability in ImageMagick, which can
be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a user's system. The vulnerability is
caused due to an integer overflow in the ReadSGIImage() function
when decoding SGI image files.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-3744, CVE-2006-3743 and CVE-2006-4144
to these issues.

kernel < TSL 3.0 >
- New upstream.
- SECURITY FIX: A vulnerability has been identified caused due to
an error in the SCTP module within the sctp_make_abort_user()
function and can be exploited to execute arbitrary code with
escalated privileges.
- A vulnerability has been identified in Linux Kernel, which is due
to an error in the Universal Disk Format (UDF) module when
truncating certain files, which could be exploited by malicious
users to panic a vulnerable system, creating a denial of service
condition.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2006-3745 and CVE-2006-4145 to
these issues.

php < TSL 3.0 > < TSL 2.2 >
- New Upstream
- SECURITY Fix: Added missing safe_mode/open_basedir checks inside the
error_log(), file_exists(), imap_open() and imap_reopen() functions.
- Fixed overflows inside str_repeat() and wordwrap() functions on
64bit systems.
- Fixed possible open_basedir/safe_mode bypass in cURL extension and
with realpath cache.
- Fixed overflow in GD extension on invalid GIF images.
- Fixed a buffer overflow inside sscanf() function.
- Fixed an out of bounds read inside stripos() function.
- Fixed memory_limit restriction on 64 bit system.

php4 < TSL 2.2 >
- New Upstream.
- SECURITY Fix: Fixed overflows inside str_repeat() and wordwrap()
functions on 64bit systems.
- Fixed overflow in GD extension on invalid GIF images.
- Fixed possible open_basedir/safe_mode bypass in cURL extension.
- Fixed overflows inside str_repeat() and wordwrap() functions on
64bit systems.
- Fixed a buffer overflow inside sscanf() function.
- Fixed memory_limit restriction on 64 bit system.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0048

Risk factor : High

CVSS Score:
7.2

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3744
BugTraq ID: 19699
http://www.securityfocus.com/bid/19699
Debian Security Information: DSA-1168 (Google Search)
http://www.debian.org/security/2006/dsa-1168
http://security.gentoo.org/glsa/glsa-200609-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:155
http://bugs.gentoo.org/show_bug.cgi?id=144854
http://www.osvdb.org/28204
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11486
http://www.redhat.com/support/errata/RHSA-2006-0633.html
http://securitytracker.com/id?1016749
http://secunia.com/advisories/21615
http://secunia.com/advisories/21621
http://secunia.com/advisories/21671
http://secunia.com/advisories/21679
http://secunia.com/advisories/21719
http://secunia.com/advisories/21780
http://secunia.com/advisories/21832
http://secunia.com/advisories/22036
http://secunia.com/advisories/22096
SGI Security Advisory: 20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
SuSE Security Announcement: SUSE-SA:2006:050 (Google Search)
http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html
http://www.ubuntu.com/usn/usn-340-1
http://www.vupen.com/english/advisories/2006/3375
XForce ISS Database: imagemagick-rasterfile-bo(28574)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28574
Common Vulnerability Exposure (CVE) ID: CVE-2006-3743
BugTraq ID: 19697
http://www.securityfocus.com/bid/19697
http://www.osvdb.org/28205
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9895
XForce ISS Database: imagemagick-propuserunit-bo(28575)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28575
Common Vulnerability Exposure (CVE) ID: CVE-2006-4144
BugTraq ID: 19507
http://www.securityfocus.com/bid/19507
Bugtraq: 20060814 [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow (Google Search)
http://www.securityfocus.com/archive/1/443208/100/0/threaded
Bugtraq: 20060816 Re: [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow (Google Search)
http://www.securityfocus.com/archive/1/443362/100/0/threaded
Debian Security Information: DSA-1213 (Google Search)
http://www.debian.org/security/2006/dsa-1213
http://www.overflow.pl/adv/imsgiheap.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11129
http://securitytracker.com/id?1016699
http://secunia.com/advisories/21462
http://secunia.com/advisories/21525
http://secunia.com/advisories/22998
http://securityreason.com/securityalert/1385
http://www.ubuntu.com/usn/usn-337-1
XForce ISS Database: imagemagick-readsgiimage-bo(28372)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28372
Common Vulnerability Exposure (CVE) ID: CVE-2006-3745
BugTraq ID: 19666
http://www.securityfocus.com/bid/19666
Bugtraq: 20060822 Linux Kernel SCTP Privilege Elevation Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/444066/100/0/threaded
Bugtraq: 20060831 rPSA-2006-0162-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/444887/100/0/threaded
Debian Security Information: DSA-1183 (Google Search)
http://www.debian.org/security/2006/dsa-1183
Debian Security Information: DSA-1184 (Google Search)
http://www.debian.org/security/2006/dsa-1184
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0600.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
http://www.mandriva.com/security/advisories?name=MDKSA-2006:151
http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10706
http://www.redhat.com/support/errata/RHSA-2006-0617.html
http://secunia.com/advisories/21576
http://secunia.com/advisories/21605
http://secunia.com/advisories/21614
http://secunia.com/advisories/21695
http://secunia.com/advisories/21847
http://secunia.com/advisories/21934
http://secunia.com/advisories/22082
http://secunia.com/advisories/22093
http://secunia.com/advisories/22148
http://secunia.com/advisories/22174
SuSE Security Announcement: SUSE-SA:2006:057 (Google Search)
http://www.novell.com/linux/security/advisories/2006_57_kernel.html
SuSE Security Announcement: SUSE-SR:2006:021 (Google Search)
http://www.novell.com/linux/security/advisories/2006_21_sr.html
SuSE Security Announcement: SUSE-SR:2006:022 (Google Search)
http://www.novell.com/linux/security/advisories/2006_22_sr.html
http://www.ubuntu.com/usn/usn-346-1
http://www.vupen.com/english/advisories/2006/3358
XForce ISS Database: kernel-sctp-privilege-escalation(28530)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28530
Common Vulnerability Exposure (CVE) ID: CVE-2006-4145
BugTraq ID: 19562
http://www.securityfocus.com/bid/19562
http://www.mandriva.com/security/advisories?name=MDKSA-2006:182
http://lkml.org/lkml/2006/6/16/6
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10796
http://www.redhat.com/support/errata/RHSA-2008-0665.html
http://secunia.com/advisories/21515
http://secunia.com/advisories/21711
http://secunia.com/advisories/22382
http://secunia.com/advisories/23474
http://secunia.com/advisories/27227
http://secunia.com/advisories/31229
http://secunia.com/advisories/31685
SuSE Security Announcement: SUSE-SA:2006:079 (Google Search)
http://www.novell.com/linux/security/advisories/2006_79_kernel.html
SuSE Security Announcement: SUSE-SA:2007:053 (Google Search)
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.vupen.com/english/advisories/2006/3308
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.