lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050706141256.GA2325@piware.de> Date: Wed Jul 6 15:14:13 2005 From: martin.pitt at canonical.com (Martin Pitt) Subject: [USN-148-1] zlib vulnerability =========================================================== Ubuntu Security Notice USN-148-1 July 06, 2005 zlib vulnerability CAN-2005-2096 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: zlib1g The problem can be corrected by upgrading the affected package to version 1:1.2.1.1-3ubuntu1.1 (for Ubuntu 4.10), or 1:1.2.2-4ubuntu1.1 (for Ubuntu 5.04). A standard system upgrade is NOT SUFFICIENT to effect the necessary changes! If you can afford to reboot your machine, this is the easiest way to ensure that all services using this library are restarted correctly. If not, please manually restart all server applications. Details follow: Tavis Ormandy discovered that zlib did not properly verify data streams. Decompressing certain invalid compressed files caused corruption of internal data structures, which caused applications which link to zlib to crash. Specially crafted input might even have allowed arbitrary code execution. zlib is used by hundreds of server and client applications, so this vulnerability could be exploited to cause Denial of Service attacks to almost all services provided by an Ubuntu system. Updated packages for Ubuntu 4.10 (Warty Warthog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1-3ubuntu1.1.diff.gz Size/MD5: 15294 f90b9336bb009307dee87f0677cb07c4 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1-3ubuntu1.1.dsc Size/MD5: 615 887dceeeda873436c0ce2b4660e63377 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1.orig.tar.gz Size/MD5: 345935 a98b37434fb4508cb90d5606bfe8c716 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.1_amd64.deb Size/MD5: 27118 77ac7d268147f196ff8a4feaa6866dd8 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.1_amd64.deb Size/MD5: 423318 5e5f70c5c94c033da2f64ea4a82d08c8 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.1_amd64.udeb Size/MD5: 42886 1e36349fb14a54dc56202d4b6640716c http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.1_amd64.deb Size/MD5: 66528 f412e92660ecc41753414ea5d102dbbd i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.1_i386.deb Size/MD5: 24534 ec183c8a2dd78e89223221645eecdd9f http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.1_i386.deb Size/MD5: 403758 3672c8a4f230da49e3e16864470f7ab8 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.1_i386.udeb Size/MD5: 37376 7257b1ea59d4b44eec00697b029e57cc http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.1_i386.deb Size/MD5: 61050 feee9d9af349d90187c03e1be78632ec powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.1_powerpc.deb Size/MD5: 29202 d58be04c1b03d8f93e1b17a9edc549bb http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.1_powerpc.deb Size/MD5: 442080 47e9e0793350614629efe7773e26a785 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.1_powerpc.udeb Size/MD5: 44776 b6157cc917d46b09f7cab5572c4470eb http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.1_powerpc.deb Size/MD5: 68632 2af71690bbc01ce9f529ac757498bb3e Updated packages for Ubuntu 5.04 (Hoary Hedgehog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2-4ubuntu1.1.diff.gz Size/MD5: 14745 c5ced6c988fcb1e8180f16cc1f9e8d65 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2-4ubuntu1.1.dsc Size/MD5: 691 853cdc541aff78f04b7bbf13ade880c8 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2.orig.tar.gz Size/MD5: 430700 d43dabe3d374e299f2631c5fc5ce31f5 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.1_amd64.deb Size/MD5: 28218 86c4889da912f447bad2ab386f131690 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.1_amd64.deb Size/MD5: 503058 b2f83435552a145880af3fa4b54ed9f3 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.1_amd64.udeb Size/MD5: 42918 e858fbf107b7ca9c9c4763bcb33358fc http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.1_amd64.deb Size/MD5: 67790 179d1749c638e9764fbbdc8ecaa8ed9b i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.1_i386.deb Size/MD5: 25488 2798762828ab44c404de6dd193ff84b3 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.1_i386.deb Size/MD5: 483792 5d9d1e58b33084101f8679e0319b5af0 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.1_i386.udeb Size/MD5: 37400 8fe0adc941ee1fbc4d8b00c5cde1d89a http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.1_i386.deb Size/MD5: 62330 910f69ead9ae59caa3e04985bf08a9a1 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.1_powerpc.deb Size/MD5: 30272 6a474a56695c5ec180acc63b0915d17e http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.1_powerpc.deb Size/MD5: 522986 ba9c4d53d8b223141460d33f781019c8 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.1_powerpc.udeb Size/MD5: 44792 7f4796a14f6a3a06a6a1c89555437b11 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.1_powerpc.deb Size/MD5: 69918 09101f2dda0bddef945b8681de9bf8d5 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050706/653994ff/attachment.bin
Powered by blists - more mailing lists