Debian DSA-797-2 : zsync - denial of service

high Nessus Plugin ID 19567

Synopsis

The remote Debian host is missing a security-related update.

Description

zsync, a file transfer program, includes a modified local copy of the zlib library, and is vulnerable to certain bugs fixed previously in the zlib package.

There was a build error for the sarge i386 proftpd packages released in DSA 797-1. A new build, zsync_0.3.3-1.sarge.1.2, has been prepared to correct this error. The packages for other architectures are unaffected.

Solution

Upgrade the zsync package.

The old stable distribution (woody) does not contain the zsync package.

For the stable distribution (sarge) this problem has been fixed in version 0.3.3-1.sarge.1.

See Also

http://www.debian.org/security/2005/dsa-797

Plugin Details

Severity: High

ID: 19567

File Name: debian_DSA-797.nasl

Version: 1.19

Type: local

Agent: unix

Published: 9/6/2005

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:zsync, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Vulnerability Publication Date: 7/7/2005

Reference Information

CVE: CVE-2005-1849, CVE-2005-2096

DSA: 797