Test ID:	1.3.6.1.4.1.25623.1.0.57695
Category:	Trustix Local Security Checks
Title:	Trustix Security Advisory TSLSA-2006-0068 (gnupg, tar)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory TSLSA-2006-0068. gnupg < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: Hugh Warrington has reported a vulnerability in GnuPG, caused due to a boundary error in the ask_outfile_name() function in openfile.c, because the make_printable_string() function can return a string longer than the expected NAMELEN. This can be exploited to cause a buffer overflow. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-6169 to this issue. tar < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - New Upstream - Option -l is now an alias of --check-links option. - SECURITY Fix: Teemu Salmela has reported a security issue in GNU tar, caused due to the extract_archive() function in extract.c and the extract_mangle() function in mangle.c still processing the deprecated GNUTYPE_NAMES record type containing symbolic links. This can be exploited to overwrite arbitrary files. The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-6097 to this issue. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0068 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6169 BugTraq ID: 21306 http://www.securityfocus.com/bid/21306 Bugtraq: 20061127 GnuPG 1.4 and 2.0 buffer overflow (Google Search) http://www.securityfocus.com/archive/1/452829/100/0/threaded Bugtraq: 20061201 rPSA-2006-0224-1 gnupg (Google Search) http://www.securityfocus.com/archive/1/453253/100/100/threaded Debian Security Information: DSA-1231 (Google Search) http://www.debian.org/security/2006/dsa-1231 http://security.gentoo.org/glsa/glsa-200612-03.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:221 https://bugs.g10code.com/gnupg/issue728 http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11228 http://www.redhat.com/support/errata/RHSA-2006-0754.html http://securitytracker.com/id?1017291 http://secunia.com/advisories/23094 http://secunia.com/advisories/23110 http://secunia.com/advisories/23146 http://secunia.com/advisories/23161 http://secunia.com/advisories/23171 http://secunia.com/advisories/23250 http://secunia.com/advisories/23269 http://secunia.com/advisories/23284 http://secunia.com/advisories/23299 http://secunia.com/advisories/23303 http://secunia.com/advisories/23513 http://secunia.com/advisories/24047 SGI Security Advisory: 20061201-01-P ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc http://securityreason.com/securityalert/1927 SuSE Security Announcement: SUSE-SA:2006:075 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html http://www.trustix.org/errata/2006/0068/ http://www.ubuntu.com/usn/usn-389-1 http://www.ubuntu.com/usn/usn-393-2 http://www.vupen.com/english/advisories/2006/4736 XForce ISS Database: gnupg-openfile-bo(30550) https://exchange.xforce.ibmcloud.com/vulnerabilities/30550 Common Vulnerability Exposure (CVE) ID: CVE-2006-6097 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html BugTraq ID: 21235 http://www.securityfocus.com/bid/21235 Bugtraq: 20061201 rPSA-2006-0222-1 tar (Google Search) http://www.securityfocus.com/archive/1/453286/100/0/threaded Bugtraq: 20070330 VMSA-2007-0002 VMware ESX security updates (Google Search) http://www.securityfocus.com/archive/1/464268/100/0/threaded Cert/CC Advisory: TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html Debian Security Information: DSA-1223 (Google Search) http://www.debian.org/security/2006/dsa-1223 FreeBSD Security Advisory: FreeBSD-SA-06:26 http://security.freebsd.org/advisories/FreeBSD-SA-06:26.gtar.asc http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html http://security.gentoo.org/glsa/glsa-200612-10.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:219 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937 http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10963 RedHat Security Advisories: RHSA-2006:0749 http://rhn.redhat.com/errata/RHSA-2006-0749.html http://securitytracker.com/id?1017423 http://secunia.com/advisories/23115 http://secunia.com/advisories/23117 http://secunia.com/advisories/23142 http://secunia.com/advisories/23163 http://secunia.com/advisories/23173 http://secunia.com/advisories/23198 http://secunia.com/advisories/23209 http://secunia.com/advisories/23314 http://secunia.com/advisories/23443 http://secunia.com/advisories/23514 http://secunia.com/advisories/23911 http://secunia.com/advisories/24479 http://secunia.com/advisories/24636 SGI Security Advisory: 20061202-01-P ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379 http://securityreason.com/securityalert/1918 http://www.ubuntu.com/usn/usn-385-1 http://www.vupen.com/english/advisories/2006/4717 http://www.vupen.com/english/advisories/2006/5102 http://www.vupen.com/english/advisories/2007/0930 http://www.vupen.com/english/advisories/2007/1171
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.