How to Buy
This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated zlib packages that fix a buffer overflow are now available for
Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
Zlib is a general-purpose lossless data compression library that is
used by many different programs.
A previous zlib update, RHSA-2005:569 (CVE-2005-2096) fixed a flaw in
zlib that could allow a carefully crafted compressed stream to crash
an application. While the original patch corrected the reported
overflow, Markus Oberhumer discovered additional ways a stream could
trigger an overflow. An attacker could create a carefully crafted
compressed stream that would cause an application to crash if the
stream is opened by a user. As an example, an attacker could create a
malicious PNG image file that would cause a Web browser or mail viewer
to crash if the image is viewed. The Common Vulnerabilities and
Exposures project (cve.mitre.org) assigned the name CVE-2005-1849 to
Note that the versions of zlib shipped with Red Hat Enterprise Linux
2.1 and 3 are not vulnerable to this issue.
All users should update to these errata packages that contain a patch
from Mark Adler that corrects this issue.
See also :
Update the affected zlib and / or zlib-devel packages.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Red Hat Local Security Checks
Nessus Plugin ID: 19284 ()
CVE ID: CVE-2005-1849
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.