|
|
Family: Ubuntu Local Security Checks --> Category: infos
USN220-1 : w3c-libwww vulnerability Vulnerability Scan
Vulnerability Scan Summary
w3c-libwww vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libwww-dev
- libwww-ssl-dev
- libwww-ssl0
- libwww0
Description :
Sam Varshavchik discovered several buffer overflows in the
HTBoundary_put_block() function. By sending specially crafted HTTP
multipart/byteranges MIME messages, a malicious HTTP server could
trigger an out of bounds memory access in the libwww library, which
causes the program that uses the library to crash.
Solution :
Upgrade to :
- libwww-dev-5.4.0-9ubuntu0.5.10 (Ubuntu 5.10)
- libwww-ssl-dev-5.4.0-9ubuntu0.5.10 (Ubuntu 5.10)
- libwww-ssl0-5.4.0-9ubuntu0.5.10 (Ubuntu 5.10)
- libwww0-5.4.0-9ubuntu0.5.10 (Ubuntu 5.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
