ID de Prueba:	1.3.6.1.4.1.25623.1.0.57695
Categoría:	Trustix Local Security Checks
Título:	Trustix Security Advisory TSLSA-2006-0068 (gnupg, tar)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory TSLSA-2006-0068. gnupg < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: Hugh Warrington has reported a vulnerability in GnuPG, caused due to a boundary error in the ask_outfile_name() function in openfile.c, because the make_printable_string() function can return a string longer than the expected NAMELEN. This can be exploited to cause a buffer overflow. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-6169 to this issue. tar < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - New Upstream - Option -l is now an alias of --check-links option. - SECURITY Fix: Teemu Salmela has reported a security issue in GNU tar, caused due to the extract_archive() function in extract.c and the extract_mangle() function in mangle.c still processing the deprecated GNUTYPE_NAMES record type containing symbolic links. This can be exploited to overwrite arbitrary files. The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-6097 to this issue. Solution: Update your system with the packages as indicated in the referenced security advisory. https://secure1.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0068 Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6169 BugTraq ID: 21306 http://www.securityfocus.com/bid/21306 Bugtraq: 20061127 GnuPG 1.4 and 2.0 buffer overflow (Google Search) http://www.securityfocus.com/archive/1/452829/100/0/threaded Bugtraq: 20061201 rPSA-2006-0224-1 gnupg (Google Search) http://www.securityfocus.com/archive/1/453253/100/100/threaded Debian Security Information: DSA-1231 (Google Search) http://www.debian.org/security/2006/dsa-1231 http://security.gentoo.org/glsa/glsa-200612-03.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:221 https://bugs.g10code.com/gnupg/issue728 http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11228 http://www.redhat.com/support/errata/RHSA-2006-0754.html http://securitytracker.com/id?1017291 http://secunia.com/advisories/23094 http://secunia.com/advisories/23110 http://secunia.com/advisories/23146 http://secunia.com/advisories/23161 http://secunia.com/advisories/23171 http://secunia.com/advisories/23250 http://secunia.com/advisories/23269 http://secunia.com/advisories/23284 http://secunia.com/advisories/23299 http://secunia.com/advisories/23303 http://secunia.com/advisories/23513 http://secunia.com/advisories/24047 SGI Security Advisory: 20061201-01-P ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc http://securityreason.com/securityalert/1927 SuSE Security Announcement: SUSE-SA:2006:075 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html http://www.trustix.org/errata/2006/0068/ http://www.ubuntu.com/usn/usn-389-1 http://www.ubuntu.com/usn/usn-393-2 http://www.vupen.com/english/advisories/2006/4736 XForce ISS Database: gnupg-openfile-bo(30550) https://exchange.xforce.ibmcloud.com/vulnerabilities/30550 Common Vulnerability Exposure (CVE) ID: CVE-2006-6097 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html BugTraq ID: 21235 http://www.securityfocus.com/bid/21235 Bugtraq: 20061201 rPSA-2006-0222-1 tar (Google Search) http://www.securityfocus.com/archive/1/453286/100/0/threaded Bugtraq: 20070330 VMSA-2007-0002 VMware ESX security updates (Google Search) http://www.securityfocus.com/archive/1/464268/100/0/threaded Cert/CC Advisory: TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html Debian Security Information: DSA-1223 (Google Search) http://www.debian.org/security/2006/dsa-1223 FreeBSD Security Advisory: FreeBSD-SA-06:26 http://security.freebsd.org/advisories/FreeBSD-SA-06:26.gtar.asc http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html http://security.gentoo.org/glsa/glsa-200612-10.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:219 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937 http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10963 RedHat Security Advisories: RHSA-2006:0749 http://rhn.redhat.com/errata/RHSA-2006-0749.html http://securitytracker.com/id?1017423 http://secunia.com/advisories/23115 http://secunia.com/advisories/23117 http://secunia.com/advisories/23142 http://secunia.com/advisories/23163 http://secunia.com/advisories/23173 http://secunia.com/advisories/23198 http://secunia.com/advisories/23209 http://secunia.com/advisories/23314 http://secunia.com/advisories/23443 http://secunia.com/advisories/23514 http://secunia.com/advisories/23911 http://secunia.com/advisories/24479 http://secunia.com/advisories/24636 SGI Security Advisory: 20061202-01-P ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379 http://securityreason.com/securityalert/1918 http://www.ubuntu.com/usn/usn-385-1 http://www.vupen.com/english/advisories/2006/4717 http://www.vupen.com/english/advisories/2006/5102 http://www.vupen.com/english/advisories/2007/0930 http://www.vupen.com/english/advisories/2007/1171
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.