Family: Debian Local Security Checks --> Category: infos
[DSA1181] DSA-1181-1 gzip Vulnerability Scan
Vulnerability Scan Summary DSA-1181-1 gzip
Detailed Explanation for this Vulnerability Test
Tavis Ormandy from the Google Security Team discovered several
vulnerabilities in gzip, the GNU compression utility. The Common
Vulnerabilities and Exposures project identifies the following problems:
- A null pointer dereference may lead to denial of service if gzip is used in an automated manner.
- Missing boundary checks may lead to stack modification, allowing execution of arbitrary code.
- A buffer underflow in the pack support code may lead to execution of arbitrary code.
- A buffer underflow in the LZH support code may lead to execution of arbitrary code.
- An infinite loop may lead to denial of service if gzip is used in an automated manner.
For the stable distribution (sarge) these problems have been fixed in
version 1.3.5-10sarge2.
For the unstable distribution (sid) these problems have been fixed in
version 1.3.5-15.
We recommend that you upgrade your gzip package.
Solution : http://www.debian.org/security/2006/dsa-1181
Threat Level: High