Trustix Local Security Checks : Trustix Security Advisory TSLSA-2002-0040 (Multiple packages)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.54231

Kategorie: Trustix Local Security Checks

Titel: Trustix Security Advisory TSLSA-2002-0040 (Multiple packages)

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory TSLSA-2002-0040.

zlib version 1.1.3 and lower contains a vulnerability which, in a worst case
scenario, might allow an attacker to execute arbitary code. This problem is
solved by upgrading to the new release of zlib.

All programs which are dynamicly linked with this library needs to be
restarted after the zlib upgrade. This include, among others: openssh and
postgresql. To ensure that these services are in fact restarted, the TSL-team
have upgraded them aswell.
Users of the swup software update tool will benefit greatly from this.

Some programs are staticly linked with this library and have been
recomplied using the new release of zlib as part of the build environment.

Also some programs have parts of the zlib source code copied into their own
source code, and may therefore be vulnerable. These will be updated when
analysis tells us that they are in fact vulnerable.

Following is a list of the updated packages:
- zlib (Upgrade: 1.1.4-1tr)
- openssh (Rebuild: 3.1.0p1-2tr)
- postgresql (Rebuild: 7.1.2-4tr)
- mysql (Rebuild: 3.23.47-2tr)
- rpm (Rebuild: 3.0.6-7tr)
- rsync (Upgrade: 2.5.4-1tr)
- kernel (Patch: 2.2.20-2tr)
- sash (Upgrade: 3.5-1tr)
- ppp (Ugrade/patch: 2.4.1-1tr)

We have also included some of the updates that have been in the public
testing directories for a while:

1.5: man and procmail
1.2: apache apache-ssl

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2002-0040

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.54231
Kategorie:	Trustix Local Security Checks
Titel:	Trustix Security Advisory TSLSA-2002-0040 (Multiple packages)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory TSLSA-2002-0040. zlib version 1.1.3 and lower contains a vulnerability which, in a worst case scenario, might allow an attacker to execute arbitary code. This problem is solved by upgrading to the new release of zlib. All programs which are dynamicly linked with this library needs to be restarted after the zlib upgrade. This include, among others: openssh and postgresql. To ensure that these services are in fact restarted, the TSL-team have upgraded them aswell. Users of the swup software update tool will benefit greatly from this. Some programs are staticly linked with this library and have been recomplied using the new release of zlib as part of the build environment. Also some programs have parts of the zlib source code copied into their own source code, and may therefore be vulnerable. These will be updated when analysis tells us that they are in fact vulnerable. Following is a list of the updated packages: - zlib (Upgrade: 1.1.4-1tr) - openssh (Rebuild: 3.1.0p1-2tr) - postgresql (Rebuild: 7.1.2-4tr) - mysql (Rebuild: 3.23.47-2tr) - rpm (Rebuild: 3.0.6-7tr) - rsync (Upgrade: 2.5.4-1tr) - kernel (Patch: 2.2.20-2tr) - sash (Upgrade: 3.5-1tr) - ppp (Ugrade/patch: 2.4.1-1tr) We have also included some of the updates that have been in the public testing directories for a while: 1.5: man and procmail 1.2: apache apache-ssl Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2002-0040 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com