Conectiva Local Security Checks : Conectiva Security Advisory CLA-2004:865

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51361

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2004:865

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2004:865.

zlib[1] is a compression library used by several programs.

Due to a Debian bug report[2], a denial of service vulnerability[2]
was discovered in the zlib compression library versions 1.2.x, in the
inflate() and inflateBack() functions. An attacker could exploit
this vulnerability to launch a denial of service attack on any
application using the zlib library. Older versions of zlib are not
affected.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.gzip.org/zlib/
http://bugs.debian.org/252253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0797
http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:865
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : Medium

CVSS Score:
2.1

Referencia Cruzada: BugTraq ID: 11051
Common Vulnerability Exposure (CVE) ID: CVE-2004-0797
http://www.securityfocus.com/bid/11051
Bugtraq: 20040825 [OpenPKG-SA-2004.038] OpenPKG Security Advisory (zlib) (Google Search)
http://marc.info/?l=bugtraq&m=109353792914900&w=2
CERT/CC vulnerability note: VU#238678
http://www.kb.cert.org/vuls/id/238678
Conectiva Linux advisory: CLA-2004:865
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000865
Conectiva Linux advisory: CLA-2004:878
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000878
https://bugzilla.fedora.us/show_bug.cgi?id=2043
http://security.gentoo.org/glsa/glsa-200408-26.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:090
OpenBSD Security Advisory: 20040829 017: RELIABILITY FIX: August 29, 2004
http://www.osvdb.org/9360
http://www.osvdb.org/9361
SCO Security Bulletin: SCOSA-2004.17
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17/SCOSA-2004.17.txt
SCO Security Bulletin: SCOSA-2006.6
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt
http://securitytracker.com/id?1011085
http://secunia.com/advisories/11129
http://secunia.com/advisories/17054
http://secunia.com/advisories/18377
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.319160
SuSE Security Announcement: SUSE-SA:2004:029 (Google Search)
http://www.novell.com/linux/security/advisories/2004_29_zlib.html
XForce ISS Database: zlib-inflate-inflateback-dos(17119)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17119

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51361
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2004:865
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2004:865. zlib[1] is a compression library used by several programs. Due to a Debian bug report[2], a denial of service vulnerability[2] was discovered in the zlib compression library versions 1.2.x, in the inflate() and inflateBack() functions. An attacker could exploit this vulnerability to launch a denial of service attack on any application using the zlib library. Older versions of zlib are not affected. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.gzip.org/zlib/ http://bugs.debian.org/252253 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0797 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:865 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : Medium CVSS Score: 2.1
Referencia Cruzada:	BugTraq ID: 11051 Common Vulnerability Exposure (CVE) ID: CVE-2004-0797 http://www.securityfocus.com/bid/11051 Bugtraq: 20040825 [OpenPKG-SA-2004.038] OpenPKG Security Advisory (zlib) (Google Search) http://marc.info/?l=bugtraq&m=109353792914900&w=2 CERT/CC vulnerability note: VU#238678 http://www.kb.cert.org/vuls/id/238678 Conectiva Linux advisory: CLA-2004:865 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000865 Conectiva Linux advisory: CLA-2004:878 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000878 https://bugzilla.fedora.us/show_bug.cgi?id=2043 http://security.gentoo.org/glsa/glsa-200408-26.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:090 OpenBSD Security Advisory: 20040829 017: RELIABILITY FIX: August 29, 2004 http://www.osvdb.org/9360 http://www.osvdb.org/9361 SCO Security Bulletin: SCOSA-2004.17 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17/SCOSA-2004.17.txt SCO Security Bulletin: SCOSA-2006.6 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt http://securitytracker.com/id?1011085 http://secunia.com/advisories/11129 http://secunia.com/advisories/17054 http://secunia.com/advisories/18377 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.319160 SuSE Security Announcement: SUSE-SA:2004:029 (Google Search) http://www.novell.com/linux/security/advisories/2004_29_zlib.html XForce ISS Database: zlib-inflate-inflateback-dos(17119) https://exchange.xforce.ibmcloud.com/vulnerabilities/17119
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com