How to Buy
This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated Zlib packages that fix a buffer overflow are now available for
Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
Zlib is a general-purpose lossless data compression library which is
used by many different programs.
Tavis Ormandy discovered a buffer overflow affecting Zlib version 1.2
and above. An attacker could create a carefully crafted compressed
stream that would cause an application to crash if the stream is
opened by a user. As an example, an attacker could create a malicious
PNG image file which would cause a web browser or mail viewer to crash
if the image is viewed. The Common Vulnerabilities and Exposures
project assigned the name CVE-2005-2096 to this issue.
Please note that the versions of Zlib as shipped with Red Hat
Enterprise Linux 2.1 and 3 are not vulnerable to this issue.
All users should update to these erratum packages which contain a
patch from Mark Adler which corrects this issue.
See also :
Update the affected zlib and / or zlib-devel packages.
Risk factor :
High / CVSS Base Score : 7.5
Family: Red Hat Local Security Checks
Nessus Plugin ID: 18635 ()
CVE ID: CVE-2005-2096
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.