Test Kennung:	1.3.6.1.4.1.25623.1.0.66771
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 1974-1 (gzip)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to gzip announced via advisory DSA 1974-1. Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2624 Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic Huffman codes, which could lead to the execution of arbitrary code when trying to decompress a crafted archive. This issue is a reappearance of CVE-2006-4334 and only affects the lenny version. CVE-2010-0001 Aki Helin discovered an integer underflow when decompressing files that are compressed using the LZW algorithm. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive. For the stable distribution (lenny), these problems have been fixed in version 1.3.12-6+lenny1. For the oldstable distribution (etch), these problems have been fixed in version 1.3.5-15+etch1. For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your gzip packages. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%201974-1 CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2624 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html Debian Security Information: DSA-1974 (Google Search) http://www.debian.org/security/2010/dsa-1974 http://www.mandriva.com/security/advisories?name=MDVSA-2010:020 http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258 http://secunia.com/advisories/38132 http://secunia.com/advisories/38223 http://secunia.com/advisories/38232 SuSE Security Announcement: SUSE-SA:2010:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://www.ubuntu.com/usn/USN-889-1 http://www.vupen.com/english/advisories/2010/0185 Common Vulnerability Exposure (CVE) ID: CVE-2010-0001 Debian Security Information: DSA-2074 (Google Search) http://www.debian.org/security/2010/dsa-2074 HPdes Security Advisory: HPSBMA02554 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 HPdes Security Advisory: SSRT100018 http://www.mandriva.com/security/advisories?name=MDVSA-2010:019 http://www.mandriva.com/security/advisories?name=MDVSA-2011:152 http://www.osvdb.org/61869 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511 http://www.redhat.com/support/errata/RHSA-2010-0061.html RedHat Security Advisories: RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html http://securitytracker.com/id?1023490 http://secunia.com/advisories/38220 http://secunia.com/advisories/38225 http://secunia.com/advisories/40551 http://secunia.com/advisories/40655 http://secunia.com/advisories/40689 http://www.vupen.com/english/advisories/2010/1796 http://www.vupen.com/english/advisories/2010/1872 Common Vulnerability Exposure (CVE) ID: CVE-2006-4334 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html BugTraq ID: 20101 http://www.securityfocus.com/bid/20101 Bugtraq: 20060919 rPSA-2006-0170-1 gzip (Google Search) http://www.securityfocus.com/archive/1/446426/100/0/threaded Bugtraq: 20070330 VMSA-2007-0002 VMware ESX security updates (Google Search) http://www.securityfocus.com/archive/1/464268/100/0/threaded Cert/CC Advisory: TA06-333A http://www.us-cert.gov/cas/techalerts/TA06-333A.html CERT/CC vulnerability note: VU#933712 http://www.kb.cert.org/vuls/id/933712 Debian Security Information: DSA-1181 (Google Search) http://www.us.debian.org/security/2006/dsa-1181 http://www.securityfocus.com/archive/1/451324/100/0/threaded FreeBSD Security Advisory: FreeBSD-SA-06:21 http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc http://security.gentoo.org/glsa/glsa-200609-13.xml HPdes Security Advisory: HPSBTU02168 http://www.securityfocus.com/archive/1/450078/100/0/threaded HPdes Security Advisory: HPSBUX02195 http://www.securityfocus.com/archive/1/462007/100/0/threaded HPdes Security Advisory: SSRT061237 http://www.mandriva.com/security/advisories?name=MDKSA-2006:167 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676 http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10527 http://www.redhat.com/support/errata/RHSA-2006-0667.html http://securitytracker.com/id?1016883 http://secunia.com/advisories/21996 http://secunia.com/advisories/22002 http://secunia.com/advisories/22009 http://secunia.com/advisories/22012 http://secunia.com/advisories/22017 http://secunia.com/advisories/22027 http://secunia.com/advisories/22033 http://secunia.com/advisories/22034 http://secunia.com/advisories/22043 http://secunia.com/advisories/22085 http://secunia.com/advisories/22101 http://secunia.com/advisories/22435 http://secunia.com/advisories/22487 http://secunia.com/advisories/22661 http://secunia.com/advisories/23155 http://secunia.com/advisories/23679 http://secunia.com/advisories/24435 http://secunia.com/advisories/24636 SGI Security Advisory: 20061001-01-P ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1 SuSE Security Announcement: SUSE-SA:2006:056 (Google Search) http://www.novell.com/linux/security/advisories/2006_56_gzip.html http://www.trustix.org/errata/2006/0052/ http://www.ubuntu.com/usn/usn-349-1 http://www.vupen.com/english/advisories/2006/4275 http://www.vupen.com/english/advisories/2006/4750 http://www.vupen.com/english/advisories/2007/0092 http://www.vupen.com/english/advisories/2007/0832 http://www.vupen.com/english/advisories/2007/1171 XForce ISS Database: gzip-huftbuild-code-execution(29038) https://exchange.xforce.ibmcloud.com/vulnerabilities/29038
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.