Executive Summary
| Summary | |
|---|---|
| Title | gcc security and bug fix update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2007:0220 | First vendor Publication | 2007-05-01 |
| Vendor | RedHat | Last vendor Modification | 2007-05-01 |
| Severity (Vendor) | Moderate | Revision | 02 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.6 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated gcc packages that fix a security issue and various bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The gcc packages include C, C++, Java, Fortran 77, Objective C, and Ada 95 GNU compilers and related support libraries. Jürgen Weigert discovered a directory traversal flaw in fastjar. An attacker could create a malicious JAR file which, if unpacked using fastjar, could write to any files the victim had write access to. (CVE-2006-3619) These updated packages also fix several bugs, including: * two debug information generator bugs * two internal compiler errors In addition to this, protoize.1 and unprotoize.1 manual pages have been added to the package and __cxa_get_exception_ptr@@CXXABI_1.3.1 symbol has been added into libstdc++.so.6. For full details regarding all fixed bugs, refer to the package changelog as well as the specified list of bug reports from bugzilla. All users of gcc should upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 198912 - CVE-2006-3619 Directory traversal issue in fastjar 205919 - ICE related to std::vector |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2007-0220.html |
OVAL Definitions
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-06-25 | Name : Mandriva Update for fastjar MDVSA-2010:122 (fastjar) File : nvt/gb_mandriva_MDVSA_2010_122.nasl |
| 2009-04-09 | Name : Mandriva Update for gcc MDVSA-2008:066 (gcc) File : nvt/gb_mandriva_MDVSA_2008_066.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-23 (vmware-workstation vmware-player) File : nvt/glsa_200711_23.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1170-1 (gcc-3.4) File : nvt/deb_1170_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 27380 | Gnu GCC fastjar JAR Processing Traversal Arbitrary File Write |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0220.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0473.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0220.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070501_gcc_on_SL4.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070611_gcc_on_SL3.nasl - Type : ACT_GATHER_INFO |
| 2010-06-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-122.nasl - Type : ACT_GATHER_INFO |
| 2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2007-0006.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-066.nasl - Type : ACT_GATHER_INFO |
| 2007-11-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-23.nasl - Type : ACT_GATHER_INFO |
| 2007-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0473.nasl - Type : ACT_GATHER_INFO |
| 2007-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0473.nasl - Type : ACT_GATHER_INFO |
| 2007-05-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0220.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1170.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:50:34 |
|
