lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050706141256.GA2325@piware.de>
Date: Wed Jul  6 15:14:13 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-148-1] zlib vulnerability

===========================================================
Ubuntu Security Notice USN-148-1	      July 06, 2005
zlib vulnerability
CAN-2005-2096
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

zlib1g

The problem can be corrected by upgrading the affected package to
version 1:1.2.1.1-3ubuntu1.1 (for Ubuntu 4.10), or 1:1.2.2-4ubuntu1.1
(for Ubuntu 5.04). A standard system upgrade is NOT SUFFICIENT to
effect the necessary changes! If you can afford to reboot your
machine, this is the easiest way to ensure that all services using
this library are restarted correctly. If not, please manually restart
all server applications.

Details follow:

Tavis Ormandy discovered that zlib did not properly verify data
streams.  Decompressing certain invalid compressed files caused
corruption of internal data structures, which caused applications
which link to zlib to crash.  Specially crafted input might even have
allowed arbitrary code execution.

zlib is used by hundreds of server and client applications, so this
vulnerability could be exploited to cause Denial of Service attacks to
almost all services provided by an Ubuntu system.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1-3ubuntu1.1.diff.gz
      Size/MD5:    15294 f90b9336bb009307dee87f0677cb07c4
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1-3ubuntu1.1.dsc
      Size/MD5:      615 887dceeeda873436c0ce2b4660e63377
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1.orig.tar.gz
      Size/MD5:   345935 a98b37434fb4508cb90d5606bfe8c716

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.1_amd64.deb
      Size/MD5:    27118 77ac7d268147f196ff8a4feaa6866dd8
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.1_amd64.deb
      Size/MD5:   423318 5e5f70c5c94c033da2f64ea4a82d08c8
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.1_amd64.udeb
      Size/MD5:    42886 1e36349fb14a54dc56202d4b6640716c
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.1_amd64.deb
      Size/MD5:    66528 f412e92660ecc41753414ea5d102dbbd

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.1_i386.deb
      Size/MD5:    24534 ec183c8a2dd78e89223221645eecdd9f
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.1_i386.deb
      Size/MD5:   403758 3672c8a4f230da49e3e16864470f7ab8
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.1_i386.udeb
      Size/MD5:    37376 7257b1ea59d4b44eec00697b029e57cc
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.1_i386.deb
      Size/MD5:    61050 feee9d9af349d90187c03e1be78632ec

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.1_powerpc.deb
      Size/MD5:    29202 d58be04c1b03d8f93e1b17a9edc549bb
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.1_powerpc.deb
      Size/MD5:   442080 47e9e0793350614629efe7773e26a785
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.1_powerpc.udeb
      Size/MD5:    44776 b6157cc917d46b09f7cab5572c4470eb
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.1_powerpc.deb
      Size/MD5:    68632 2af71690bbc01ce9f529ac757498bb3e

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2-4ubuntu1.1.diff.gz
      Size/MD5:    14745 c5ced6c988fcb1e8180f16cc1f9e8d65
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2-4ubuntu1.1.dsc
      Size/MD5:      691 853cdc541aff78f04b7bbf13ade880c8
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2.orig.tar.gz
      Size/MD5:   430700 d43dabe3d374e299f2631c5fc5ce31f5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.1_amd64.deb
      Size/MD5:    28218 86c4889da912f447bad2ab386f131690
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.1_amd64.deb
      Size/MD5:   503058 b2f83435552a145880af3fa4b54ed9f3
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.1_amd64.udeb
      Size/MD5:    42918 e858fbf107b7ca9c9c4763bcb33358fc
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.1_amd64.deb
      Size/MD5:    67790 179d1749c638e9764fbbdc8ecaa8ed9b

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.1_i386.deb
      Size/MD5:    25488 2798762828ab44c404de6dd193ff84b3
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.1_i386.deb
      Size/MD5:   483792 5d9d1e58b33084101f8679e0319b5af0
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.1_i386.udeb
      Size/MD5:    37400 8fe0adc941ee1fbc4d8b00c5cde1d89a
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.1_i386.deb
      Size/MD5:    62330 910f69ead9ae59caa3e04985bf08a9a1

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.1_powerpc.deb
      Size/MD5:    30272 6a474a56695c5ec180acc63b0915d17e
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.1_powerpc.deb
      Size/MD5:   522986 ba9c4d53d8b223141460d33f781019c8
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.1_powerpc.udeb
      Size/MD5:    44792 7f4796a14f6a3a06a6a1c89555437b11
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.1_powerpc.deb
      Size/MD5:    69918 09101f2dda0bddef945b8681de9bf8d5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050706/653994ff/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ