Test ID:	1.3.6.1.4.1.25623.1.0.57385
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2006-262-01)
Summary:	The remote host is missing an update for the 'gzip' package(s) announced via the SSA:2006-262-01 advisory.
Description:	Summary: The remote host is missing an update for the 'gzip' package(s) announced via the SSA:2006-262-01 advisory. Vulnerability Insight: New gzip packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix possible security issues. More details about the issues fixed may be found in the Common Vulnerabilities and Exposures (CVE) database: [links moved to references] Here are the details from the Slackware 10.2 ChangeLog: +--------------------------+ patches/packages/gzip-1.3.5-i486-1_slack10.2.tgz: Upgraded to gzip-1.3.5, and fixed a variety of bugs. Some of the bugs have possible security implications if gzip or its tools are fed a carefully constructed malicious archive. Most of these issues were recently discovered by Tavis Ormandy and the Google Security Team. Thanks to them, and also to the ALT and Owl developers for cleaning up the patch. For further details about the issues fixed, please see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'gzip' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0758 1013928 http://securitytracker.com/id?1013928 13582 http://www.securityfocus.com/bid/13582 16371 http://www.osvdb.org/16371 18100 http://secunia.com/advisories/18100 19183 http://secunia.com/advisories/19183 20060301-01-U ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc 22033 http://secunia.com/advisories/22033 25159 http://www.securityfocus.com/bid/25159 26235 http://secunia.com/advisories/26235 ADV-2007-2732 http://www.vupen.com/english/advisories/2007/2732 APPLE-SA-2007-07-31 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html FLSA:158801 http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html GLSA-200505-05 http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml MDKSA-2006:026 http://www.mandriva.com/security/advisories?name=MDKSA-2006:026 MDKSA-2006:027 http://www.mandriva.com/security/advisories?name=MDKSA-2006:027 OpenPKG-SA-2007.002 http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html RHSA-2005:357 http://rhn.redhat.com/errata/RHSA-2005-357.html RHSA-2005:474 http://www.redhat.com/support/errata/RHSA-2005-474.html SCOSA-2005.58 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt SSA:2006-262 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852 USN-158-1 http://www.ubuntu.com/usn/usn-158-1 gzip-zgrep-file-installation(20539) https://exchange.xforce.ibmcloud.com/vulnerabilities/20539 http://bugs.gentoo.org/show_bug.cgi?id=90626 http://docs.info.apple.com/article.html?artnum=306172 oval:org.mitre.oval:def:1081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081 oval:org.mitre.oval:def:1107 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107 oval:org.mitre.oval:def:9797 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797 Common Vulnerability Exposure (CVE) ID: CVE-2005-0988 http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html BugTraq ID: 12996 http://www.securityfocus.com/bid/12996 BugTraq ID: 19289 http://www.securityfocus.com/bid/19289 Bugtraq: 20050404 gzip TOCTOU file-permissions vulnerability (Google Search) http://www.securityfocus.com/archive/1/394965 Cert/CC Advisory: TA06-214A http://www.us-cert.gov/cas/techalerts/TA06-214A.html Debian Security Information: DSA-752 (Google Search) http://www.debian.org/security/2005/dsa-752 http://www.osvdb.org/15487 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765 RedHat Security Advisories: RHSA-2005:357 SCO Security Bulletin: SCOSA-2005.58 http://secunia.com/advisories/21253 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1 http://www.vupen.com/english/advisories/2006/3101 Common Vulnerability Exposure (CVE) ID: CVE-2005-1228 Bugtraq: 20050420 gzip directory traversal vulnerability (Google Search) http://marc.info/?l=bugtraq&m=111402732406477&w=2 http://www.osvdb.org/15721 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A170 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A382 http://secunia.com/advisories/15047 XForce ISS Database: gzip-n-directory-traversal(20199) https://exchange.xforce.ibmcloud.com/vulnerabilities/20199 Common Vulnerability Exposure (CVE) ID: CVE-2006-4334 1016883 http://securitytracker.com/id?1016883 102766 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1 2006-0052 http://www.trustix.org/errata/2006/0052/ 20060919 rPSA-2006-0170-1 gzip http://www.securityfocus.com/archive/1/446426/100/0/threaded 20061001-01-P ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc 20070330 VMSA-2007-0002 VMware ESX security updates http://www.securityfocus.com/archive/1/464268/100/0/threaded 20101 http://www.securityfocus.com/bid/20101 21996 http://secunia.com/advisories/21996 22002 http://secunia.com/advisories/22002 22009 http://secunia.com/advisories/22009 22012 http://secunia.com/advisories/22012 22017 http://secunia.com/advisories/22017 22027 http://secunia.com/advisories/22027 22034 http://secunia.com/advisories/22034 22043 http://secunia.com/advisories/22043 22085 http://secunia.com/advisories/22085 22101 http://secunia.com/advisories/22101 22435 http://secunia.com/advisories/22435 22487 http://secunia.com/advisories/22487 22661 http://secunia.com/advisories/22661 23155 http://secunia.com/advisories/23155 23679 http://secunia.com/advisories/23679 24435 http://secunia.com/advisories/24435 24636 http://secunia.com/advisories/24636 ADV-2006-4275 http://www.vupen.com/english/advisories/2006/4275 ADV-2006-4750 http://www.vupen.com/english/advisories/2006/4750 ADV-2007-0092 http://www.vupen.com/english/advisories/2007/0092 ADV-2007-0832 http://www.vupen.com/english/advisories/2007/0832 ADV-2007-1171 http://www.vupen.com/english/advisories/2007/1171 APPLE-SA-2006-11-28 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html DSA-1181 http://www.us.debian.org/security/2006/dsa-1181 FLSA:211760 http://www.securityfocus.com/archive/1/451324/100/0/threaded FreeBSD-SA-06:21 http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc GLSA-200609-13 http://security.gentoo.org/glsa/glsa-200609-13.xml HPSBTU02168 http://www.securityfocus.com/archive/1/450078/100/0/threaded HPSBUX02195 http://www.securityfocus.com/archive/1/462007/100/0/threaded MDKSA-2006:167 http://www.mandriva.com/security/advisories?name=MDKSA-2006:167 OpenPKG-SA-2006.020 http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html RHSA-2006:0667 http://www.redhat.com/support/errata/RHSA-2006-0667.html SSRT061237 SUSE-SA:2006:056 http://www.novell.com/linux/security/advisories/2006_56_gzip.html TA06-333A http://www.us-cert.gov/cas/techalerts/TA06-333A.html USN-349-1 http://www.ubuntu.com/usn/usn-349-1 VU#933712 http://www.kb.cert.org/vuls/id/933712 gzip-huftbuild-code-execution(29038) https://exchange.xforce.ibmcloud.com/vulnerabilities/29038 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676 http://docs.info.apple.com/article.html?artnum=304829 http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html https://issues.rpath.com/browse/RPL-615 oval:org.mitre.oval:def:10527 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10527 Common Vulnerability Exposure (CVE) ID: CVE-2006-4335 23153 http://secunia.com/advisories/23153 23156 http://secunia.com/advisories/23156 ADV-2006-3695 http://www.vupen.com/english/advisories/2006/3695 ADV-2006-4760 http://www.vupen.com/english/advisories/2006/4760 GLSA-200611-24 http://www.gentoo.org/security/en/glsa/glsa-200611-24.xml VU#381508 http://www.kb.cert.org/vuls/id/381508 gzip-lzh-array-code-execution(29040) https://exchange.xforce.ibmcloud.com/vulnerabilities/29040 oval:org.mitre.oval:def:10391 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10391 Common Vulnerability Exposure (CVE) ID: CVE-2006-4336 VU#554780 http://www.kb.cert.org/vuls/id/554780 gzip-unpack-buffer-underflow(29042) https://exchange.xforce.ibmcloud.com/vulnerabilities/29042 oval:org.mitre.oval:def:10140 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10140 Common Vulnerability Exposure (CVE) ID: CVE-2006-4337 oval:org.mitre.oval:def:11212 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11212 Common Vulnerability Exposure (CVE) ID: CVE-2006-4338 29008 http://www.osvdb.org/29008 gzip-lhz-dos(29046) https://exchange.xforce.ibmcloud.com/vulnerabilities/29046 oval:org.mitre.oval:def:11290 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11290
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.