ID de Prueba:	1.3.6.1.4.1.25623.1.0.57036
Categoría:	Trustix Local Security Checks
Título:	Trustix Security Advisory TSLSA-2006-0037 (kernel, netpbm)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory TSLSA-2006-0037. kernel < TSL 3.0 > - New upstream. - Module qlogicfc successfully replaced with qla2xxx. - Added scsi_transport_spi to initrd module list. - SECURITY FIX: A race condition error in the posix-cpu-timers.c script that does not prevent another CPU from attaching the timer to an exiting process, which could be exploited by attackers to cause a denial of service. - Flaw due to errors in powerpc/kernel/signal_32.c and powerpc/kernel/signal_32.c, which could allow userspace to provoke a machine check on 32-bit kernels. - An infinite loop in netfilter/xt_sctp.c, which could be exploited by attackers to exhaust all available memory resources, creating a denial of service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-2445, CVE-2006-2448 and CVE-2006-3085 to this issue. netpbm < TSL 3.0 > < TSL 2.2 > - SECURITY Fix: A vulnerability has been reported in NetPBM, caused due to an off-by-one boundary error within pamtofits. This can be exploited to cause a single byte buffer overflow when processing a specially crafted input file. Solution: Update your system with the packages as indicated in the referenced security advisory. https://secure1.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0037 Risk factor : High CVSS Score: 7.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2445 BugTraq ID: 18615 http://www.securityfocus.com/bid/18615 Bugtraq: 20060623 rPSA-2006-0110-1 kernel (Google Search) http://www.securityfocus.com/archive/1/438168/100/0/threaded http://www.mandriva.com/security/advisories?name=MDKSA-2006:123 http://www.mandriva.com/security/advisories?name=MDKSA-2006:151 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=30f1e3dd8c72abda343bcf415f7d8894a02b4290 http://marc.info/?l=linux-kernel&m=115015841413687 http://www.osvdb.org/26947 http://secunia.com/advisories/20703 http://secunia.com/advisories/20831 http://secunia.com/advisories/20991 http://secunia.com/advisories/21045 http://secunia.com/advisories/21179 SuSE Security Announcement: SUSE-SA:2006:042 (Google Search) http://www.novell.com/linux/security/advisories/2006_42_kernel.html http://www.trustix.org/errata/2006/0037 http://www.ubuntu.com/usn/usn-311-1 http://www.vupen.com/english/advisories/2006/2451 XForce ISS Database: linux-runposixcputimers-dos(27380) https://exchange.xforce.ibmcloud.com/vulnerabilities/27380 Common Vulnerability Exposure (CVE) ID: CVE-2006-2448 18616 http://www.securityfocus.com/bid/18616 2006-0037 20060623 rPSA-2006-0110-1 kernel 20703 20831 20991 21179 21465 http://secunia.com/advisories/21465 21498 http://secunia.com/advisories/21498 22417 http://secunia.com/advisories/22417 ADV-2006-2451 RHSA-2006:0575 http://www.redhat.com/support/errata/RHSA-2006-0575.html SUSE-SA:2006:042 SUSE-SA:2006:047 http://www.novell.com/linux/security/advisories/2006_47_kernel.html USN-311-1 http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c85d1f9d358b24c5b05c3a2783a78423775a080 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.21 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194215 oval:org.mitre.oval:def:10040 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10040 Common Vulnerability Exposure (CVE) ID: CVE-2006-3085 BugTraq ID: 18550 http://www.securityfocus.com/bid/18550 http://www.osvdb.org/26680 http://securitytracker.com/id?1016347 SuSE Security Announcement: SUSE-SA:2006:047 (Google Search) XForce ISS Database: linux-xt-sctp-dos(27384) https://exchange.xforce.ibmcloud.com/vulnerabilities/27384
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.