Message-ID: <20050721100138.GA16454@piware.de>
Date: Thu, 21 Jul 2005 12:01:38 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-151-1] zlib vulnerability
===========================================================
Ubuntu Security Notice USN-151-1 July 21, 2005
zlib vulnerability
CAN-2005-1849
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
zlib1g
The problem can be corrected by upgrading the affected package to
version 1:1.2.1.1-3ubuntu1.2 (for Ubuntu 4.10), or 1:1.2.2-4ubuntu1.2
(for Ubuntu 5.04).
A standard system upgrade is NOT SUFFICIENT to effect the necessary
changes! If you can afford to reboot your machine, this is the easiest
way to ensure that all services using this library are restarted
correctly. If not, please manually restart all server applications.
Details follow:
USN-148-1 fixed an improper input verification of zlib
(CAN-2005-2096). Markus Oberhumer discovered additional ways a
disrupted stream could trigger a buffer overflow and crash the
application using zlib, so another update is necessary.
zlib is used by hundreds of server and client applications, so this
vulnerability could be exploited to cause Denial of Service attacks to
almost all services provided by an Ubuntu system.
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1-3ubuntu1.2.diff.gz
Size/MD5: 15670 c9f25a7839f5a5c103ce683213e98110
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1-3ubuntu1.2.dsc
Size/MD5: 615 3c59d27929838076fd33dbb71f8d64d3
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1.orig.tar.gz
Size/MD5: 345935 a98b37434fb4508cb90d5606bfe8c716
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.2_amd64.deb
Size/MD5: 27194 3e0dd478fb932b26ae44d7b5d2b648b6
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.2_amd64.deb
Size/MD5: 423402 b6f656fa91f566abf059fed47b16a5bf
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.2_amd64.udeb
Size/MD5: 42886 91a34004dbf0f27159d0fafb29e20662
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.2_amd64.deb
Size/MD5: 66610 0e38cf14dcc7fcb4f2ecce443eee1db2
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.2_i386.deb
Size/MD5: 24598 260d26e6f16655ad34165bc61bcd562b
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.2_i386.deb
Size/MD5: 403864 1377635e147cbe87012ad485fe540fcc
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.2_i386.udeb
Size/MD5: 37378 5fe41e0adc5cc363da7df70bb542ef84
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.2_i386.deb
Size/MD5: 61122 02c57d6b9c2fff96f068a3e55478a46d
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.2_powerpc.deb
Size/MD5: 29276 b3d70bc4dd8f602847ae6cacb757856c
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.2_powerpc.deb
Size/MD5: 442116 f82df965fd614de3e372856611ca767c
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.2_powerpc.udeb
Size/MD5: 44778 cbb30266486666a2c6bada98fa0c3590
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.2_powerpc.deb
Size/MD5: 68712 a8ee86ad9b5ccffb88b060745482b3c8
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2-4ubuntu1.2.diff.gz
Size/MD5: 15117 e6d6ecb1aa566866cdbf1514f24a9fef
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2-4ubuntu1.2.dsc
Size/MD5: 691 958db7bd20c218a240d212d23f740e48
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2.orig.tar.gz
Size/MD5: 430700 d43dabe3d374e299f2631c5fc5ce31f5
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.2_amd64.deb
Size/MD5: 28284 7f8be8ea9f1f07f0fb85a9a05d26fb80
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.2_amd64.deb
Size/MD5: 503050 ad5a80352f07abfe7b22b22171969249
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.2_amd64.udeb
Size/MD5: 42920 437a7c8359db9540cace6c4305fd516d
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.2_amd64.deb
Size/MD5: 67868 2dd68a25dfa7803067c6b2616865367e
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.2_i386.deb
Size/MD5: 25568 be825d29e03b67083757defc390e6a42
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.2_i386.deb
Size/MD5: 483986 4ce5a8181cb12ecea1bee98d876d677f
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.2_i386.udeb
Size/MD5: 37402 8503f5c38be3a1551198a56f9d06394f
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.2_i386.deb
Size/MD5: 62416 a9db1c1d89e2b80cd0d4a7a77a41d501
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.2_powerpc.deb
Size/MD5: 30344 2294d0e743c50ecbfd2e998ddc797b06
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.2_powerpc.deb
Size/MD5: 523122 71c0cce57a9b9d33f24b05f6fa0d7177
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.2_powerpc.udeb
Size/MD5: 44788 f78614ffae7658d92f0b58524f04909e
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.2_powerpc.deb
Size/MD5: 69998 95b5de13a5d4c9c7c2aa3962f2cd1b18
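To act on the advisory's restart instruction without rebooting, one way to find the processes that still have the pre-upgrade zlib mapped is to look for unlinked libz mappings under /proc. This is an added example, not part of the original advisory; it assumes a Linux /proc, and the function name and its optional directory argument are this example's own.

```shell
#!/bin/sh
# Added example: list processes that still map the replaced (unlinked) zlib.
# stale_zlib_pids [PROC_ROOT] prints one "PID NAME" line per affected process.
# PROC_ROOT defaults to /proc; the argument is an assumption of this example
# so the logic can also be run against a constructed directory tree.
stale_zlib_pids() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        maps=$dir/maps
        [ -r "$maps" ] || continue    # process already exited or not readable
        # After the package upgrade the old library file is unlinked, but a
        # running process keeps it mapped; the kernel marks such mappings
        # with a trailing " (deleted)". libzstd and friends do not match.
        if grep -Eq '/libz\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            # comm is absent on older kernels; fall back to "unknown".
            name=$(cat "$dir/comm" 2>/dev/null) || name=
            printf '%s %s\n' "${dir##*/}" "${name:-unknown}"
        fi
    done
}

# Scan the live system when run directly (or the directory given as $1).
stale_zlib_pids "$@"
```

Run it as root so every process's maps file is readable, then restart each listed service. Programs that link zlib statically do not appear in this output.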