Description: | Description:
The remote host is missing updates announced in advisory TSLSA-2006-0044.
apache < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: A vulnerability has been reported in Apache HTTP Server, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a off-by-one error in mod_rewrite within the ldap scheme handling and can be exploited to cause a one-byte buffer overflow.
The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-3747 to this issue.
gnupg < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: Evgeny Legerov has reported a vulnerability in GnuPG, caused due to an input validation error in parse_packet.c when handling certain message packets. This can be exploited to cause GnuPG to consume large amounts of memory or crash via an overly long comment length in a message packet. This can further be exploited to cause an integer overflow, which leads to possible memory corruption and crashes GnuPG.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-3746 to this issue.
libtiff < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: Tavis Ormandy, Google Security Team has reported some vulnerabilities in libTIFF, which can be exploited by malicious people to cause a DoS or potentially compromise a vulnerable system. The vulnerabilities are caused due to various heap and integer overflows when processing TIFF images and can be exploited via a specially crafted TIFF image.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464 and CVE-2006-3465 these issues.
Solution: Update your system with the packages as indicated in the referenced security advisory.
https://secure1.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0044
Risk factor : High
CVSS Score: 7.8
|