Test ID:	1.3.6.1.4.1.25623.1.0.54231
Category:	Trustix Local Security Checks
Title:	Trustix Security Advisory TSLSA-2002-0040 (Multiple packages)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory TSLSA-2002-0040. zlib version 1.1.3 and lower contains a vulnerability which, in a worst case scenario, might allow an attacker to execute arbitary code. This problem is solved by upgrading to the new release of zlib. All programs which are dynamicly linked with this library needs to be restarted after the zlib upgrade. This include, among others: openssh and postgresql. To ensure that these services are in fact restarted, the TSL-team have upgraded them aswell. Users of the swup software update tool will benefit greatly from this. Some programs are staticly linked with this library and have been recomplied using the new release of zlib as part of the build environment. Also some programs have parts of the zlib source code copied into their own source code, and may therefore be vulnerable. These will be updated when analysis tells us that they are in fact vulnerable. Following is a list of the updated packages: - zlib (Upgrade: 1.1.4-1tr) - openssh (Rebuild: 3.1.0p1-2tr) - postgresql (Rebuild: 7.1.2-4tr) - mysql (Rebuild: 3.23.47-2tr) - rpm (Rebuild: 3.0.6-7tr) - rsync (Upgrade: 2.5.4-1tr) - kernel (Patch: 2.2.20-2tr) - sash (Upgrade: 3.5-1tr) - ppp (Ugrade/patch: 2.4.1-1tr) We have also included some of the updates that have been in the public testing directories for a while: 1.5: man and procmail 1.2: apache apache-ssl Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2002-0040 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.