|
Family: Ubuntu Local Security Checks --> Category: infos
USN151-4 : rpm vulnerability Vulnerability Scan
Vulnerability Scan Summary rpm vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- librpm-dev
- librpm4
- lsb-rpm
- rpm
Description :
USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could
be exploited to cause Denial of Service attacks or even arbitrary code
execution with malicious data streams.
Since lsb-rpm is statically linked against the zlib library, it is also
affected by these issues. The updated packagages have been rebuilt
against the fixed zlib.
Please note that lsb-rpm is not officially supported (it is in the "universe"
component of the archive).
Solution :
Upgrade to :
- librpm-dev-4.0.4-31ubuntu1.1 (Ubuntu 5.10)
- librpm4-4.0.4-31ubuntu1.1 (Ubuntu 5.10)
- lsb-rpm-4.0.4-31ubuntu1.1 (Ubuntu 5.10)
- rpm-4.0.4-31ubuntu1.1 (Ubuntu 5.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|