| Description: | Description:
The remote host is missing updates announced in
advisory TSLSA-2007-0007.
fetchmail < TSL 3.0 > < TSL 2.2 >
- SECURITY Fix: Fetchmail does not properly enforce TLS and may
transmit cleartext passwords over unsecured links if certain
circumstances occur, which allows remote attackers to obtain
sensitive information via man-in-the-middle (MITM) attacks.
- A vulnerability has been reported in Fetchmail caused due to
a NULL pointer dereference error when rejecting a message sent
to an MDA, which could be exploited by attackers to cause a
denial of service.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-5867 and CVE-2006-5974 to these issues.
gd < TSL 3.0 > < TSL 2.2 >
- SECURITY Fix: Buffer overflow in the gdImageStringFTEx function
in gdft.c in GD Graphics Library allows remote attackers to cause
a denial of service (application crash) and possibly execute
arbitrary code via a crafted string with a JIS encoded font.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-0455 to this issue.
php < TSL 3.0 > < TSL 2.2 >
- New Upstream.
- Includes fix for php out of memory error, Bug #2062.
- Multiple Security fixes.
postgresql < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New upstream.
- SECURITY Fix: An unspecified error can be used to suppress certain
checks, which ensure that SQL functions return the correct data
type. This can be exploited to crash the database backend or
disclose potentially sensitive information.
- An unspecified error when changing the data type of a table column
can be exploited to crash the database backend or disclose
potentially sensitive information.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2007-0555 and CVE-2007-0556 to these issues.
samba < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New upstream.
- SECURITY Fix: smbd allows remote authenticated users to cause a
denial of service (memory and CPU exhaustion) by renaming a file
in a way that prevents a request from being removed from the
deferred open queue, which triggers an infinite loop.
- Buffer overflow in the nss_winbind.so.1 library, as used in the
winbindd daemon, allows attackers to execute arbitrary code via
the (1) gethostbyname and (2) getipnodebyname functions.
- Format string vulnerability in the afsacl.so VFS module allows
context-dependent attackers to execute arbitrary code via format
string specifiers in a filename on an AFS file system, which is
not properly handled during Windows ACL mapping.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-0452, CVE-2007-0453 and
CVE-2007-0454 to these issue.
Solution:
Update your system with the packages as indicated in
the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2007-0007
Risk factor : Critical
CVSS Score:
8.5
|
