Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2005:039: zlib Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the zlib package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2005:039 (zlib).
A denial of service condition was fixed in the zlib library.
Any program using zlib to decompress data can be crashed by a specially
handcrafted invalid data stream. This includes web browsers or email
programs able to view PNG images (which are compressed by zlib),
allowing remote attackers to crash browser sessions or potentially
anti virus programs using this vulnerability.
This issue is tracked by the Mitre CVE ID CVE-2005-2096.
Since only zlib 1.2.x is affected, older SUSE products are not affected
by this problem.
Solution : http://www.suse.de/security/advisories/2005_39_zlib.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.