Description:
The remote host is missing updates announced in advisory TSLSA-2006-0063.
bind < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream.
- SECURITY Fix: Raise the minimum safe OpenSSL versions to OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions prior to these have known security flaws which are exploitable in named. [RT #16391]
- Change the default RSA exponent from 3 to 65537.

openssh < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New upstream.
- SECURITY Fix: A weakness has been reported in OpenSSH, which can be exploited by malicious people to bypass certain security restrictions. The weakness is caused due to an error within the privilege separation monitor, which may weaken the authentication process (SA22771).

rpm < TSL 3.0 >
- SECURITY Fix: A vulnerability has been reported in RPM, caused due to a boundary error when processing certain RPM packages. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into querying a specially crafted RPM package.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-5466 to this issue.

texinfo < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Buffer overflow in the texi2dvi and texindex commands allows local users to execute arbitrary code via a crafted Texinfo file.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-4810 to this issue.

Solution: Update your system with the packages as indicated in the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0063
Risk factor : High
CVSS Score: 5.4