|
Family: Ubuntu Local Security Checks --> Category: infos
USN148-1 : zlib vulnerability Vulnerability Scan
Vulnerability Scan Summary zlib vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- zlib-bin
- zlib1g
- zlib1g-dev
Description :
Tavis Ormandy discovered that zlib did not properly verify data
streams. Decompressing certain invalid compressed files caused
corruption of internal data structures, which caused applications
which link to zlib to crash. Specially crafted input might even have
allowed arbitrary code execution.
zlib is used by hundreds of server and client applications, so this
vulnerability could be exploited to cause Denial of Service attacks to
almost all services provided by an Ubuntu system.
Solution :
Upgrade to :
- zlib-bin-1.2.2-4ubuntu1.1 (Ubuntu 5.04)
- zlib1g-1.2.2-4ubuntu1.1 (Ubuntu 5.04)
- zlib1g-dev-1.2.2-4ubuntu1.1 (Ubuntu 5.04)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|