Debian DSA-797-2 : zsync - denial of service

High Nessus Plugin ID 19567

Synopsis

The remote Debian host is missing a security-related update.

Description

zsync, a file transfer program, includes a modified local copy of the zlib library, and is vulnerable to certain bugs fixed previously in the zlib package.

There was a build error for the sarge i386 proftpd packages released in DSA 797-1. A new build, zsync_0.3.3-1.sarge.1.2, has been prepared to correct this error. The packages for other architectures are unaffected.

Solution

Upgrade the zsync package.

The old stable distribution (woody) does not contain the zsync package.

For the stable distribution (sarge) this problem has been fixed in version 0.3.3-1.sarge.1.

See Also

http://www.debian.org/security/2005/dsa-797

Plugin Details

Severity: High

ID: 19567

File Name: debian_DSA-797.nasl

Version: 1.18

Type: local

Agent: unix

Published: 2005/09/06

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:zsync, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Vulnerability Publication Date: 2005/07/07

Reference Information

CVE: CVE-2005-1849, CVE-2005-2096

DSA: 797