English | Deutsch | Español | Português
 UserID:
 Passwd:
 new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   		     Search 94899 CVE descriptions
and 51984 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.54407
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-151-1 (zlib)
Summary:Ubuntu USN-151-1 (zlib)
Description:Description:

The remote host is missing an update to zlib
announced via advisory USN-151-1.

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected: zlib1g

USN-148-1 fixed an improver input verification of zlib
(CVE-2005-2096). Markus Oberhumer discovered additional ways a
disrupted stream could trigger a buffer overflow and crash the
application using zlib, so another update is necessary.

zlib is used by hundreds of server and client applications, so this
vulnerability could be exploited to cause Denial of Service attacks to
almost all services provided by an Ubuntu system.

Solution:
The problem can be corrected by upgrading the affected package to
version 1:1.2.1.1-3ubuntu1.2 (for Ubuntu 4.10), or 1:1.2.2-4ubuntu1.2
(for Ubuntu 5.04).

A standard system upgrade is NOT SUFFICIENT to effect the necessary
changes! If you can afford to reboot your machine, this is the easiest
way to ensure that all services using this library are restarted
correctly. If not, please manually restart all server applications.

http://www.securityspace.com/smysecure/catid.html?in=USN-151-1

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-1849
Bugtraq: 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates (Google Search)
http://www.securityfocus.com/archive/1/archive/1/464745/100/0/threaded
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
Debian Security Information: DSA-763 (Google Search)
http://www.debian.org/security/2005/dsa-763
Debian Security Information: DSA-797 (Google Search)
http://www.debian.org/security/2005/dsa-797
Debian Security Information: DSA-1026 (Google Search)
http://www.debian.org/security/2006/dsa-1026
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:196
http://www.mandriva.com/security/advisories?name=MDKSA-2006:070
http://www.redhat.com/support/errata/RHSA-2005-584.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SCO Security Bulletin: SCOSA-2006.6
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt
SuSE Security Announcement: SUSE-SA:2005:043 (Google Search)
http://www.novell.com/linux/security/advisories/2005_43_zlib.html
http://www.ubuntulinux.org/usn/usn-151-3
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz
BugTraq ID: 14340
http://www.securityfocus.com/bid/14340
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11402
http://www.vupen.com/english/advisories/2007/1267
http://www.osvdb.org/18141
http://securitytracker.com/id?1014540
http://secunia.com/advisories/16137
http://secunia.com/advisories/18377
http://secunia.com/advisories/17326
http://secunia.com/advisories/17516
http://secunia.com/advisories/19550
http://secunia.com/advisories/19334
http://secunia.com/advisories/19597
http://secunia.com/advisories/24788
http://secunia.com/advisories/31492
XForce ISS Database: zlib-codetable-dos(21456)
http://xforce.iss.net/xforce/xfdb/21456
Common Vulnerability Exposure (CVE) ID: CVE-2005-2096
Bugtraq: 20071021 Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/482949/100/0/threaded
Bugtraq: 20071029 Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/482950/100/0/threaded
Bugtraq: 20071018 Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/482505/100/0/threaded
Bugtraq: 20071018 Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/482503/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/482571/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/482601/100/0/threaded
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162391
http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
Debian Security Information: DSA-740 (Google Search)
http://www.debian.org/security/2005/dsa-740
FreeBSD Security Advisory: FreeBSD-SA-05:16.zlib
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc
http://security.gentoo.org/glsa/glsa-200507-05.xml
HPdes Security Advisory: HPSBUX02090
http://www.securityfocus.com/archive/1/archive/1/421411/100/0/threaded
HPdes Security Advisory: SSRT051058
http://www.mandriva.com/security/advisories?name=MDKSA-2005:112
http://www.redhat.com/support/errata/RHSA-2005-569.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101989-1
SuSE Security Announcement: SUSE-SA:2005:039 (Google Search)
http://www.ubuntulinux.org/support/documentation/usn/usn-148-1
CERT/CC vulnerability note: VU#680620
http://www.kb.cert.org/vuls/id/680620
BugTraq ID: 14162
http://www.securityfocus.com/bid/14162
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11500
http://secunia.com/advisories/32706
http://www.vupen.com/english/advisories/2005/0978
http://www.vupen.com/english/advisories/2006/0144
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1262
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1542
http://securitytracker.com/id?1014398
http://secunia.com/advisories/15949
http://secunia.com/advisories/18406
http://secunia.com/advisories/17054
http://secunia.com/advisories/17225
http://secunia.com/advisories/17236
http://secunia.com/advisories/18507
XForce ISS Database: hpux-secure-shell-dos(24064)
http://xforce.iss.net/xforce/xfdb/24064
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 51984 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  
 Forgot userid or passwd?
Email/Userid:



Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.