Test ID:	1.3.6.1.4.1.25623.1.0.57654
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1219)
Summary:	The remote host is missing an update for the Debian 'texinfo' package(s) announced via the DSA-1219 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'texinfo' package(s) announced via the DSA-1219 advisory. Vulnerability Insight: Multiple vulnerabilities have been found in the GNU texinfo package, a documentation system for on-line information and printed output. CVE-2005-3011 Handling of temporary files is performed in an insecure manner, allowing an attacker to overwrite any file writable by the victim. CVE-2006-4810 A buffer overflow in util/texindex.c could allow an attacker to execute arbitrary code with the victim's access rights by inducing the victim to run texindex or tex2dvi on a specially crafted texinfo file. For the stable distribution (sarge), these problems have been fixed in version 4.7-2.2sarge2. Note that binary packages for the mipsel architecture are not currently available due to technical problems with the build host. These packages will be made available as soon as possible. For unstable (sid) and the upcoming stable release (etch), these problems have been fixed in version 4.8.dfsg.1-4. We recommend that you upgrade your texinfo package. Affected Software/OS: 'texinfo' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3011 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html BugTraq ID: 14854 http://www.securityfocus.com/bid/14854 Bugtraq: 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates (Google Search) http://www.securityfocus.com/archive/1/464745/100/0/threaded Debian Security Information: DSA-1219 (Google Search) http://www.debian.org/security/2006/dsa-1219 FreeBSD Security Advisory: FreeBSD-SA-06:01 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:175 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10589 http://www.redhat.com/support/errata/RHSA-2006-0727.html http://securitytracker.com/id?1014992 http://securitytracker.com/id?1015468 http://secunia.com/advisories/16816 http://secunia.com/advisories/17070 http://secunia.com/advisories/17076 http://secunia.com/advisories/17093 http://secunia.com/advisories/17211 http://secunia.com/advisories/17215 http://secunia.com/advisories/18401 http://secunia.com/advisories/22929 http://secunia.com/advisories/23112 http://secunia.com/advisories/24788 http://secunia.com/advisories/25402 SGI Security Advisory: 20061101-01-P ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P SuSE Security Announcement: SUSE-SR:2005:023 (Google Search) http://www.novell.com/linux/security/advisories/2005_23_sr.html http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://www.ubuntu.com/usn/usn-194-1 http://www.vupen.com/english/advisories/2007/1267 http://www.vupen.com/english/advisories/2007/1939 Common Vulnerability Exposure (CVE) ID: CVE-2006-4810 2006-0063 http://www.trustix.org/errata/2006/0063/ 20061101-01-P 20061127 rPSA-2006-0219-1 info install-info texinfo http://www.securityfocus.com/archive/1/452723/100/0/threaded 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates 20959 http://www.securityfocus.com/bid/20959 22725 http://secunia.com/advisories/22725 22777 http://secunia.com/advisories/22777 22798 http://secunia.com/advisories/22798 22898 http://secunia.com/advisories/22898 22929 22995 http://secunia.com/advisories/22995 23015 http://secunia.com/advisories/23015 23112 23335 http://secunia.com/advisories/23335 24788 ADV-2006-4412 http://www.vupen.com/english/advisories/2006/4412 ADV-2007-1267 DSA-1219 GLSA-200611-16 http://security.gentoo.org/glsa/glsa-200611-16.xml MDKSA-2006:203 http://www.mandriva.com/security/advisories?name=MDKSA-2006:203 OpenPKG-SA-2006.034 http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.034-texinfo.html RHSA-2006:0727 SUSE-SR:2006:028 http://www.novell.com/linux/security/advisories/2006_28_sr.html USN-379-1 http://www.ubuntu.com/usn/usn-379-1 http://cvs.savannah.gnu.org/viewcvs/texinfo/texinfo/util/texindex.c?r1=1.16&r2=1.17 http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html https://issues.rpath.com/browse/RPL-810 oval:org.mitre.oval:def:10893 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10893 texinfo-texindex-bo(30158) https://exchange.xforce.ibmcloud.com/vulnerabilities/30158
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.