Test ID:	1.3.6.1.4.1.25623.1.0.54180
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-148-1 (zlib)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to zlib announced via advisory USN-148-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: zlib1g Tavis Ormandy discovered that zlib did not properly verify data streams. Decompressing certain invalid compressed files caused corruption of internal data structures, which caused applications which link to zlib to crash. Specially crafted input might even have allowed arbitrary code execution. zlib is used by hundreds of server and client applications, so this vulnerability could be exploited to cause Denial of Service attacks to almost all services provided by an Ubuntu system. Solution: The problem can be corrected by upgrading the affected package to version 1:1.2.1.1-3ubuntu1.1 (for Ubuntu 4.10), or 1:1.2.2-4ubuntu1.1 (for Ubuntu 5.04). A standard system upgrade is NOT SUFFICIENT to effect the necessary changes! If you can afford to reboot your machine, this is the easiest way to ensure that all services using this library are restarted correctly. If not, please manually restart all server applications. http://www.securityspace.com/smysecure/catid.html?in=USN-148-1 Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 14162 Common Vulnerability Exposure (CVE) ID: CVE-2005-2096 1014398 http://securitytracker.com/id?1014398 101989 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1 14162 http://www.securityfocus.com/bid/14162 15949 http://secunia.com/advisories/15949 17054 http://secunia.com/advisories/17054 17225 http://secunia.com/advisories/17225 17236 http://secunia.com/advisories/17236 17326 http://secunia.com/advisories/17326 17516 http://secunia.com/advisories/17516 18377 http://secunia.com/advisories/18377 18406 http://secunia.com/advisories/18406 18507 http://secunia.com/advisories/18507 19550 http://secunia.com/advisories/19550 19597 http://secunia.com/advisories/19597 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates http://www.securityfocus.com/archive/1/464745/100/0/threaded 20071018 Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096) http://www.securityfocus.com/archive/1/482505/100/0/threaded 20071018 Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) http://www.securityfocus.com/archive/1/482503/100/0/threaded 20071020 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) http://www.securityfocus.com/archive/1/482571/100/0/threaded 20071021 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) http://www.securityfocus.com/archive/1/482601/100/0/threaded 20071029 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) http://www.securityfocus.com/archive/1/482949/100/0/threaded 20071029 Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096) http://www.securityfocus.com/archive/1/482950/100/0/threaded 24788 http://secunia.com/advisories/24788 31492 http://secunia.com/advisories/31492 32706 http://secunia.com/advisories/32706 ADV-2005-0978 http://www.vupen.com/english/advisories/2005/0978 ADV-2006-0144 http://www.vupen.com/english/advisories/2006/0144 ADV-2007-1267 http://www.vupen.com/english/advisories/2007/1267 APPLE-SA-2005-08-15 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html APPLE-SA-2005-08-17 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html APPLE-SA-2008-11-13 http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html DSA-1026 http://www.debian.org/security/2006/dsa-1026 DSA-740 http://www.debian.org/security/2005/dsa-740 DSA-797 http://www.debian.org/security/2005/dsa-797 FLSA:162680 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680 FreeBSD-SA-05:16.zlib ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc GLSA-200507-05 http://security.gentoo.org/glsa/glsa-200507-05.xml GLSA-200509-18 http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml HPSBUX02090 http://www.securityfocus.com/archive/1/421411/100/0/threaded MDKSA-2005:112 http://www.mandriva.com/security/advisories?name=MDKSA-2005:112 MDKSA-2005:196 http://www.mandriva.com/security/advisories?name=MDKSA-2005:196 MDKSA-2006:070 http://www.mandriva.com/security/advisories?name=MDKSA-2006:070 RHSA-2005:569 http://www.redhat.com/support/errata/RHSA-2005-569.html RHSA-2008:0629 http://www.redhat.com/support/errata/RHSA-2008-0629.html SCOSA-2006.6 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt SSRT051058 USN-148-1 https://usn.ubuntu.com/148-1/ USN-151-3 http://www.ubuntulinux.org/usn/usn-151-3 VU#680620 http://www.kb.cert.org/vuls/id/680620 hpux-secure-shell-dos(24064) https://exchange.xforce.ibmcloud.com/vulnerabilities/24064 http://support.apple.com/kb/HT3298 http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391 oval:org.mitre.oval:def:11500 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11500 oval:org.mitre.oval:def:1262 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1262 oval:org.mitre.oval:def:1542 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1542
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.