Gentoo Security Advisory GLSA 200408-26 (zlib) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200408-26.

Solution

All zlib users should upgrade to the latest version: # emerge sync # emerge -pv '>=sys-libs/zlib-1.2.1-r3' # emerge '>=sys-libs/zlib-1.2.1-r3' You should also run revdep-rebuild to rebuild any packages that depend on older versions of zlib : # revdep-rebuild Please note that any packages which have the zlib library compiled statically will not show up using revdep-rebuild. You will need to locate those packages manually and then remerge them. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200408-26 http://bugs.gentoo.org/show_bug.cgi?id=61749 http://www.openpkg.org/security/OpenPKG-SA-2004.038-zlib.html

Insight

The zlib library contains a Denial of Service vulnerability.

Severity

Classification

CVE CVE-2004-0797

CVSS	Base Score: 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200511-06 (fetchmail)
Gentoo Security Advisory GLSA 200611-13 (avahi)
Gentoo Security Advisory GLSA 200709-04 (po4a)
Gentoo Security Advisory GLSA 200412-11 (cscope)
Gentoo Security Advisory GLSA 200408-16 (glibc)

Take action and discover your vulnerabilities