English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 75096 CVE descriptions
and 39644 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57409
Category:Trustix Local Security Checks
Title:Trustix Security Advisory TSLSA-2006-0052 (Multiple packages)
Summary:Trustix Security Advisory TSLSA-2006-0052 (Multiple packages)
Description:
The remote host is missing updates announced in
advisory TSLSA-2006-0052.

freetype < TSL 3.0 > < TSL 2.2 >
- New Upstream.
- Enable bytecode hinting, Bug #1933.
- SECURITY FIX: Chris Evans discovered several integer underflow
and overflow flaws in the FreeType font engine. If a specially
crafted font file that, when loaded by the target user's system,
will trigger an integer underflow or integer overflow and crash
the application or execute arbitrary code on the target system.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2006-3467 to this issue.

gnutls < TSL 3.0 >
- SECURITY Fix: A vulnerability has been reported in GnuTLS, caused
due to an error in the verification of certain signatures. If a
RSA key with exponent 3 is used, it may be possible to forge PKCS
#1 v1.5 signatures signed with that key.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2006-4790 to this issue.

gzip < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Tavis Ormandy, Google Security Team, has reported
some vulnerabilities in gzip, which can be exploited by malicious
people to cause a DoS and potentially compromise a vulnerable system.
- Fix null pointer dereference that may lead to denial of service if
gzip is used in an automated manner.
- A boundary error within the make_table() function in unlzh.c can be
used to modify certain stack data. This can be exploited to cause a
DoS and potentially allows to execute arbitrary code.
- A buffer underflow exists within the build_tree() function in
unpack.c, which can be exploited to cause a DoS and potentially
allows to execute arbitrary code.
- A buffer overflow within the make_table() function of gzip's LZH
support can be exploited to cause a DoS and potentially to compromise
a vulnerable system by e.g. tricking a user or automated system into
unpacking an archive containing a specially crafted decoding table.
- unlzh.c in the LHZ component in gzip allows context-dependent
attackers to cause a denial of service (infinite loop) via a crafted
GZIP archive.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-4334, CVE-2006-4335, CVE-2006-4336,
CVE-2006-4337 and CVE-2006-4338 to these issues.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0052

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3467
Bugtraq: 20060825 rPSA-2006-0157-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search)
http://www.securityfocus.com/archive/1/archive/1/444318/100/0/threaded
Bugtraq: 20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 (Google Search)
http://www.securityfocus.com/archive/1/archive/1/451404/100/0/threaded
Bugtraq: 20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 (Google Search)
http://www.securityfocus.com/archive/1/archive/1/451419/100/200/threaded
Bugtraq: 20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 (Google Search)
http://www.securityfocus.com/archive/1/archive/1/451417/100/200/threaded
Bugtraq: 20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2 (Google Search)
http://www.securityfocus.com/archive/1/archive/1/451426/100/200/threaded
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
Debian Security Information: DSA-1178 (Google Search)
http://www.debian.org/security/2006/dsa-1178
Debian Security Information: DSA-1193 (Google Search)
http://www.debian.org/security/2006/dsa-1193
http://security.gentoo.org/glsa/glsa-200609-04.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:129
http://www.mandriva.com/security/advisories?name=MDKSA-2006:148
http://www.redhat.com/support/errata/RHSA-2006-0500.html
http://www.redhat.com/support/errata/RHSA-2006-0634.html
http://www.redhat.com/support/errata/RHSA-2006-0635.html
SGI Security Advisory: 20060701-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1
SuSE Security Announcement: SUSE-SA:2006:045 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Aug/0002.html
SuSE Security Announcement: SUSE-SR:2007:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://www.trustix.org/errata/2006/0052/
http://www.ubuntu.com/usn/usn-324-1
http://www.ubuntu.com/usn/usn-341-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10673
http://www.vupen.com/english/advisories/2006/4522
http://www.vupen.com/english/advisories/2006/4502
http://www.vupen.com/english/advisories/2007/0381
http://securitytracker.com/id?1016522
http://secunia.com/advisories/21144
http://secunia.com/advisories/21232
http://secunia.com/advisories/21135
http://secunia.com/advisories/21285
http://secunia.com/advisories/21566
http://secunia.com/advisories/21567
http://secunia.com/advisories/21793
http://secunia.com/advisories/21798
http://secunia.com/advisories/21606
http://secunia.com/advisories/21626
http://secunia.com/advisories/21701
http://secunia.com/advisories/21836
http://secunia.com/advisories/22027
http://secunia.com/advisories/22332
http://secunia.com/advisories/22907
http://secunia.com/advisories/22875
http://secunia.com/advisories/23400
http://secunia.com/advisories/23939
http://secunia.com/advisories/27271
http://secunia.com/advisories/33937
Common Vulnerability Exposure (CVE) ID: CVE-2006-4790
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html
Debian Security Information: DSA-1182 (Google Search)
http://www.debian.org/security/2006/dsa-1182
http://security.gentoo.org/glsa/glsa-200609-15.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:166
http://www.redhat.com/support/errata/RHSA-2006-0680.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1
SuSE Security Announcement: SUSE-SR:2006:023 (Google Search)
http://www.novell.com/linux/security/advisories/2006_23_sr.html
SuSE Security Announcement: SUSE-SA:2007:010 (Google Search)
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
http://www.ubuntu.com/usn/usn-348-1
BugTraq ID: 20027
http://www.securityfocus.com/bid/20027
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9937
http://www.vupen.com/english/advisories/2006/3635
http://www.vupen.com/english/advisories/2006/3899
http://www.vupen.com/english/advisories/2007/2289
http://securitytracker.com/id?1016844
http://secunia.com/advisories/21942
http://secunia.com/advisories/21937
http://secunia.com/advisories/21973
http://secunia.com/advisories/22049
http://secunia.com/advisories/22084
http://secunia.com/advisories/22097
http://secunia.com/advisories/22226
http://secunia.com/advisories/22080
http://secunia.com/advisories/22992
http://secunia.com/advisories/25762
XForce ISS Database: gnutls-rsakey-security-bypass(28953)
http://xforce.iss.net/xforce/xfdb/28953
Common Vulnerability Exposure (CVE) ID: CVE-2006-4334
Bugtraq: 20060919 rPSA-2006-0170-1 gzip (Google Search)
http://www.securityfocus.com/archive/1/archive/1/446426/100/0/threaded
Bugtraq: 20070330 VMSA-2007-0002 VMware ESX security updates (Google Search)
http://www.securityfocus.com/archive/1/archive/1/464268/100/0/threaded
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
Debian Security Information: DSA-1181 (Google Search)
http://www.us.debian.org/security/2006/dsa-1181
http://www.securityfocus.com/archive/1/archive/1/451324/100/0/threaded
FreeBSD Security Advisory: FreeBSD-SA-06:21
http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc
http://security.gentoo.org/glsa/glsa-200609-13.xml
HPdes Security Advisory: HPSBTU02168
http://www.securityfocus.com/archive/1/archive/1/450078/100/0/threaded
HPdes Security Advisory: SSRT061237
HPdes Security Advisory: HPSBUX02195
http://www.securityfocus.com/archive/1/archive/1/462007/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2006:167
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html
http://www.redhat.com/support/errata/RHSA-2006-0667.html
SGI Security Advisory: 20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1
SuSE Security Announcement: SUSE-SA:2006:056 (Google Search)
http://www.novell.com/linux/security/advisories/2006_56_gzip.html
http://www.ubuntu.com/usn/usn-349-1
Cert/CC Advisory: TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
CERT/CC vulnerability note: VU#933712
http://www.kb.cert.org/vuls/id/933712
BugTraq ID: 20101
http://www.securityfocus.com/bid/20101
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10527
http://www.vupen.com/english/advisories/2006/4275
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2007/0092
http://www.vupen.com/english/advisories/2007/0832
http://www.vupen.com/english/advisories/2007/1171
http://securitytracker.com/id?1016883
http://secunia.com/advisories/22002
http://secunia.com/advisories/22009
http://secunia.com/advisories/22017
http://secunia.com/advisories/22033
http://secunia.com/advisories/22034
http://secunia.com/advisories/22012
http://secunia.com/advisories/22043
http://secunia.com/advisories/22085
http://secunia.com/advisories/22101
http://secunia.com/advisories/22435
http://secunia.com/advisories/22661
http://secunia.com/advisories/22487
http://secunia.com/advisories/23155
http://secunia.com/advisories/21996
http://secunia.com/advisories/23679
http://secunia.com/advisories/24435
http://secunia.com/advisories/24636
XForce ISS Database: gzip-huftbuild-code-execution(29038)
http://xforce.iss.net/xforce/xfdb/29038
Common Vulnerability Exposure (CVE) ID: CVE-2006-4335
http://www.gentoo.org/security/en/glsa/glsa-200611-24.xml
CERT/CC vulnerability note: VN#381508
http://www.kb.cert.org/vuls/id/381508
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10391
http://www.vupen.com/english/advisories/2006/3695
http://www.vupen.com/english/advisories/2006/4760
http://secunia.com/advisories/23153
http://secunia.com/advisories/23156
XForce ISS Database: gzip-lzh-array-code-execution(29040)
http://xforce.iss.net/xforce/xfdb/29040
Common Vulnerability Exposure (CVE) ID: CVE-2006-4336
CERT/CC vulnerability note: VN#554780
http://www.kb.cert.org/vuls/id/554780
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10140
XForce ISS Database: gzip-unpack-buffer-underflow(29042)
http://xforce.iss.net/xforce/xfdb/29042
Common Vulnerability Exposure (CVE) ID: CVE-2006-4337
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11212
Common Vulnerability Exposure (CVE) ID: CVE-2006-4338
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11290
http://www.osvdb.org/29008
XForce ISS Database: gzip-lhz-dos(29046)
http://xforce.iss.net/xforce/xfdb/29046
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 39644 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.