Debian DSA-797-2 : zsync - denial of service

High Nessus Plugin ID 19567


The remote Debian host is missing a security-related update.


zsync, a file transfer program, includes a modified local copy of the zlib library, and is vulnerable to certain bugs fixed previously in the zlib package.

There was a build error for the sarge i386 proftpd packages released in DSA 797-1. A new build, zsync_0.3.3-1.sarge.1.2, has been prepared to correct this error. The packages for other architectures are unaffected.


Upgrade the zsync package.

The old stable distribution (woody) does not contain the zsync package.

For the stable distribution (sarge) this problem has been fixed in version 0.3.3-1.sarge.1.

See Also

Plugin Details

Severity: High

ID: 19567

File Name: debian_DSA-797.nasl

Version: 1.18

Type: local

Agent: unix

Published: 2005/09/06

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:zsync, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Vulnerability Publication Date: 2005/07/07

Reference Information

CVE: CVE-2005-1849, CVE-2005-2096

DSA: 797