Debian Local Security Checks : Debian: Security Advisory (DSA-1974-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.66771
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1974-1)
Summary:	The remote host is missing an update for the Debian 'gzip' package(s) announced via the DSA-1974-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'gzip' package(s) announced via the DSA-1974-1 advisory. Vulnerability Insight: Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2624 Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic Huffman codes, which could lead to the execution of arbitrary code when trying to decompress a crafted archive. This issue is a reappearance of CVE-2006-4334 and only affects the lenny version. CVE-2010-0001 Aki Helin discovered an integer underflow when decompressing files that are compressed using the LZW algorithm. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive. For the stable distribution (lenny), these problems have been fixed in version 1.3.12-6+lenny1. For the oldstable distribution (etch), these problems have been fixed in version 1.3.5-15+etch1. For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your gzip packages. Affected Software/OS: 'gzip' package(s) on Debian 4, Debian 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4334 1016883 http://securitytracker.com/id?1016883 102766 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1 2006-0052 http://www.trustix.org/errata/2006/0052/ 20060919 rPSA-2006-0170-1 gzip http://www.securityfocus.com/archive/1/446426/100/0/threaded 20061001-01-P ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc 20070330 VMSA-2007-0002 VMware ESX security updates http://www.securityfocus.com/archive/1/464268/100/0/threaded 20101 http://www.securityfocus.com/bid/20101 21996 http://secunia.com/advisories/21996 22002 http://secunia.com/advisories/22002 22009 http://secunia.com/advisories/22009 22012 http://secunia.com/advisories/22012 22017 http://secunia.com/advisories/22017 22027 http://secunia.com/advisories/22027 22033 http://secunia.com/advisories/22033 22034 http://secunia.com/advisories/22034 22043 http://secunia.com/advisories/22043 22085 http://secunia.com/advisories/22085 22101 http://secunia.com/advisories/22101 22435 http://secunia.com/advisories/22435 22487 http://secunia.com/advisories/22487 22661 http://secunia.com/advisories/22661 23155 http://secunia.com/advisories/23155 23679 http://secunia.com/advisories/23679 24435 http://secunia.com/advisories/24435 24636 http://secunia.com/advisories/24636 ADV-2006-4275 http://www.vupen.com/english/advisories/2006/4275 ADV-2006-4750 http://www.vupen.com/english/advisories/2006/4750 ADV-2007-0092 http://www.vupen.com/english/advisories/2007/0092 ADV-2007-0832 http://www.vupen.com/english/advisories/2007/0832 ADV-2007-1171 http://www.vupen.com/english/advisories/2007/1171 APPLE-SA-2006-11-28 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html DSA-1181 http://www.us.debian.org/security/2006/dsa-1181 FLSA:211760 http://www.securityfocus.com/archive/1/451324/100/0/threaded FreeBSD-SA-06:21 http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc GLSA-200609-13 http://security.gentoo.org/glsa/glsa-200609-13.xml HPSBTU02168 http://www.securityfocus.com/archive/1/450078/100/0/threaded HPSBUX02195 http://www.securityfocus.com/archive/1/462007/100/0/threaded MDKSA-2006:167 http://www.mandriva.com/security/advisories?name=MDKSA-2006:167 OpenPKG-SA-2006.020 http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html RHSA-2006:0667 http://www.redhat.com/support/errata/RHSA-2006-0667.html SSA:2006-262 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852 SSRT061237 SUSE-SA:2006:056 http://www.novell.com/linux/security/advisories/2006_56_gzip.html TA06-333A http://www.us-cert.gov/cas/techalerts/TA06-333A.html USN-349-1 http://www.ubuntu.com/usn/usn-349-1 VU#933712 http://www.kb.cert.org/vuls/id/933712 gzip-huftbuild-code-execution(29038) https://exchange.xforce.ibmcloud.com/vulnerabilities/29038 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676 http://docs.info.apple.com/article.html?artnum=304829 http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html https://issues.rpath.com/browse/RPL-615 oval:org.mitre.oval:def:10527 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10527 Common Vulnerability Exposure (CVE) ID: CVE-2009-2624 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html Debian Security Information: DSA-1974 (Google Search) http://www.debian.org/security/2010/dsa-1974 http://www.mandriva.com/security/advisories?name=MDVSA-2010:020 http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258 http://secunia.com/advisories/38132 http://secunia.com/advisories/38223 http://secunia.com/advisories/38232 SuSE Security Announcement: SUSE-SA:2010:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://www.ubuntu.com/usn/USN-889-1 http://www.vupen.com/english/advisories/2010/0185 Common Vulnerability Exposure (CVE) ID: CVE-2010-0001 1023490 http://securitytracker.com/id?1023490 38220 http://secunia.com/advisories/38220 38223 38225 http://secunia.com/advisories/38225 38232 40551 http://secunia.com/advisories/40551 40655 http://secunia.com/advisories/40655 40689 http://secunia.com/advisories/40689 61869 http://www.osvdb.org/61869 ADV-2010-0185 ADV-2010-1796 http://www.vupen.com/english/advisories/2010/1796 ADV-2010-1872 http://www.vupen.com/english/advisories/2010/1872 APPLE-SA-2010-11-10-1 DSA-1974 DSA-2074 http://www.debian.org/security/2010/dsa-2074 HPSBMA02554 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 MDVSA-2010:019 http://www.mandriva.com/security/advisories?name=MDVSA-2010:019 MDVSA-2010:020 MDVSA-2011:152 http://www.mandriva.com/security/advisories?name=MDVSA-2011:152 RHSA-2010:0061 http://www.redhat.com/support/errata/RHSA-2010-0061.html RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html SSRT100018 SUSE-SA:2010:008 USN-889-1 http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://ncompress.sourceforge.net/#status http://savannah.gnu.org/forum/forum.php?forum_id=6153 http://support.apple.com/kb/HT4435 https://bugzilla.redhat.com/show_bug.cgi?id=554418 oval:org.mitre.oval:def:10546 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546 oval:org.mitre.oval:def:7511 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511
Copyright	Copyright (C) 2010 Greenbone AG