MDKSA-2005:124 - Updated zlib packages fix vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MDKSA-2005:124 - Updated zlib packages fix vulnerability
From: Mandriva Security Team <security@xxxxxxxxxxxx>
Date: Fri, 22 Jul 2005 17:09:34 -0600
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Sender: QATeam User <qateam@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           zlib
 Advisory ID:            MDKSA-2005:124
 Date:                   July 22nd, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0,
                         Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 A previous zlib update (MDKSA-2005:112; CAN-2005-2096) fixed an overflow
 flaw in the zlib program.  While that update did indeed fix the reported
 overflow issue, Markus Oberhumber discovered additional ways that a
 specially-crafted compressed stream could trigger an overflow.  An
 attacker could create such a stream that would cause a linked
 application to crash if opened by a user.
 
 The updated packages are provided to protect against this flaw.  The
 Corporate Server 2.1 product is not affected by this vulnerability.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 860987335903c382c12e42448367676f  10.0/RPMS/zlib1-1.2.1-2.3.100mdk.i586.rpm
 e047a26f46031a57f896a1d36ccc52c3  
10.0/RPMS/zlib1-devel-1.2.1-2.3.100mdk.i586.rpm
 72ea4005316839b3c31b90d524c52d42  10.0/SRPMS/zlib-1.2.1-2.3.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 e6a94df40bc740d725731036e7f3db96  
amd64/10.0/RPMS/zlib1-1.2.1-2.3.100mdk.amd64.rpm
 890f9d6039a95f82365a7cb55e9017fb  
amd64/10.0/RPMS/zlib1-devel-1.2.1-2.3.100mdk.amd64.rpm
 72ea4005316839b3c31b90d524c52d42  
amd64/10.0/SRPMS/zlib-1.2.1-2.3.100mdk.src.rpm

 Mandrakelinux 10.1:
 58c3324f33d5586d1bcdde0aca4e5a79  10.1/RPMS/zlib1-1.2.1.1-3.2.101mdk.i586.rpm
 c0ccb2820937a05d8cc608701150f012  
10.1/RPMS/zlib1-devel-1.2.1.1-3.2.101mdk.i586.rpm
 17ad74eeed07fab9c8829dd546be6890  10.1/SRPMS/zlib-1.2.1.1-3.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 87e7046c0c876da2c94590ad6c98dafe  
x86_64/10.1/RPMS/zlib1-1.2.1.1-3.2.101mdk.x86_64.rpm
 f90e56e2ab04468abac0c08849a5260a  
x86_64/10.1/RPMS/zlib1-devel-1.2.1.1-3.2.101mdk.x86_64.rpm
 17ad74eeed07fab9c8829dd546be6890  
x86_64/10.1/SRPMS/zlib-1.2.1.1-3.2.101mdk.src.rpm

 Mandrakelinux 10.2:
 d30d7cfb002353a63f89ba382062a78e  10.2/RPMS/zlib1-1.2.2.2-2.2.102mdk.i586.rpm
 5c4a526d818a326fafd6c9e9672b3447  
10.2/RPMS/zlib1-devel-1.2.2.2-2.2.102mdk.i586.rpm
 543c843e6691904415c4c8bc45affe7c  10.2/SRPMS/zlib-1.2.2.2-2.2.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 c7c5d4fbeb2db2ffa27e6123958280a7  
x86_64/10.2/RPMS/zlib1-1.2.2.2-2.2.102mdk.x86_64.rpm
 dbc5bbd0220041e3594939e963bfb5da  
x86_64/10.2/RPMS/zlib1-devel-1.2.2.2-2.2.102mdk.x86_64.rpm
 543c843e6691904415c4c8bc45affe7c  
x86_64/10.2/SRPMS/zlib-1.2.2.2-2.2.102mdk.src.rpm

 Multi Network Firewall 2.0:
 631b3c1e87bbde27e99673d30c1e91c1  mnf/2.0/RPMS/zlib1-1.2.1-2.3.M20mdk.i586.rpm
 c3077bbfdaeb2c6fc1e5aed4f6b0e65b  mnf/2.0/SRPMS/zlib-1.2.1-2.3.M20mdk.src.rpm

 Corporate 3.0:
 2e66862f24760823bdaa26c20fbc7606  
corporate/3.0/RPMS/zlib1-1.2.1-2.3.C30mdk.i586.rpm
 d9cab4b4ab9a04eeee1b38ac7c3e5e5a  
corporate/3.0/RPMS/zlib1-devel-1.2.1-2.3.C30mdk.i586.rpm
 ae75fabf010504e1b0f84f79e50c5753  
corporate/3.0/SRPMS/zlib-1.2.1-2.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 92ef33342acbfa125fb45e84a591cf3f  
x86_64/corporate/3.0/RPMS/zlib1-1.2.1-2.3.C30mdk.x86_64.rpm
 b884c537207635c8d1ca5ac9bcfed24a  
x86_64/corporate/3.0/RPMS/zlib1-devel-1.2.1-2.3.C30mdk.x86_64.rpm
 ae75fabf010504e1b0f84f79e50c5753  
x86_64/corporate/3.0/SRPMS/zlib-1.2.1-2.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC4XyumqjQ0CJFipgRAmhcAJ0dskt+ZAg53ZAU4tBFwZyzLfAaUACguxr1
XyvQZo/trBQf15WO1LATnmk=
=BJR3
-----END PGP SIGNATURE-----

Prev by Date: ICMP-based blind connection-reset attack
Next by Date: GoodTech SMTP server 5.16 RCPT TO command remote buffer overflow
Previous by thread: ICMP-based blind connection-reset attack
Next by thread: GoodTech SMTP server 5.16 RCPT TO command remote buffer overflow
Index(es):
- Date
- Thread