lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <E1DqOvt-0001FV-NV@mercury.mandriva.com> Date: Thu Jul 7 06:28:35 2005 From: security at mandriva.com (Mandriva Security Team) Subject: MDKSA-2005:112 - Updated zlib packages fix vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Update Advisory _______________________________________________________________________ Package name: zlib Advisory ID: MDKSA-2005:112 Date: July 6th, 2005 Affected versions: 10.0, 10.1, 10.2, Corporate 3.0 ______________________________________________________________________ Problem Description: Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, resulting in the linked application to dump core. The updated packages have been patched to correct this problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: 45457a67f143e009c4c2e737f72a72cd 10.0/RPMS/zlib1-1.2.1-2.2.100mdk.i586.rpm fb9cb92b1149a7210c02480adf847268 10.0/RPMS/zlib1-devel-1.2.1-2.2.100mdk.i586.rpm b2eb2e14dda3854176c63e172be0e1dc 10.0/SRPMS/zlib-1.2.1-2.2.100mdk.src.rpm Mandrakelinux 10.0/AMD64: 5c26bbcefa548fb0e0455c49d8cab450 amd64/10.0/RPMS/zlib1-1.2.1-2.2.100mdk.amd64.rpm 058815a877ca4bda488042afc0a17fac amd64/10.0/RPMS/zlib1-devel-1.2.1-2.2.100mdk.amd64.rpm b2eb2e14dda3854176c63e172be0e1dc amd64/10.0/SRPMS/zlib-1.2.1-2.2.100mdk.src.rpm Mandrakelinux 10.1: bf14e4c8290d9034414e26a7d064e409 10.1/RPMS/zlib1-1.2.1.1-3.1.101mdk.i586.rpm 0b40ecfd8214b1b73910576f48d774d7 10.1/RPMS/zlib1-devel-1.2.1.1-3.1.101mdk.i586.rpm bc5f28d5cf15cae679899b9b21ec415c 10.1/SRPMS/zlib-1.2.1.1-3.1.101mdk.src.rpm Mandrakelinux 10.1/X86_64: 92562565afb652388ba804f62417978e x86_64/10.1/RPMS/zlib1-1.2.1.1-3.1.101mdk.x86_64.rpm db4015970358e24dca4e876d324b3426 x86_64/10.1/RPMS/zlib1-devel-1.2.1.1-3.1.101mdk.x86_64.rpm bc5f28d5cf15cae679899b9b21ec415c x86_64/10.1/SRPMS/zlib-1.2.1.1-3.1.101mdk.src.rpm Mandrakelinux 10.2: 4044d77bc298ed7b5368a275fb033601 10.2/RPMS/zlib1-1.2.2.2-2.1.102mdk.i586.rpm bddf58d123f1b91640cafa687b814cd2 10.2/RPMS/zlib1-devel-1.2.2.2-2.1.102mdk.i586.rpm ec8ec911005302a927861e61e075164d 10.2/SRPMS/zlib-1.2.2.2-2.1.102mdk.src.rpm Mandrakelinux 10.2/X86_64: 7ccc1e7502a8223c09dcf04fef816f6a x86_64/10.2/RPMS/zlib1-1.2.2.2-2.1.102mdk.x86_64.rpm 0af31a45633b5c9d9e6535949c43d6ad x86_64/10.2/RPMS/zlib1-devel-1.2.2.2-2.1.102mdk.x86_64.rpm ec8ec911005302a927861e61e075164d x86_64/10.2/SRPMS/zlib-1.2.2.2-2.1.102mdk.src.rpm Corporate 3.0: 51822c133a9f4648e80ca563dc67e0e8 corporate/3.0/RPMS/zlib1-1.2.1-2.2.C30mdk.i586.rpm a0d93b089e10b7c77b94fafe5f7dcfbd corporate/3.0/RPMS/zlib1-devel-1.2.1-2.2.C30mdk.i586.rpm d6b8d7110c7c3f9887951ff95dc6a473 corporate/3.0/SRPMS/zlib-1.2.1-2.2.C30mdk.src.rpm Corporate 3.0/X86_64: 2277267171a472b87f509f4df73ef43c x86_64/corporate/3.0/RPMS/zlib1-1.2.1-2.2.C30mdk.x86_64.rpm 523c5ab3f3b6fbbe62a00bb5a99ff1db x86_64/corporate/3.0/RPMS/zlib1-devel-1.2.1-2.2.C30mdk.x86_64.rpm d6b8d7110c7c3f9887951ff95dc6a473 x86_64/corporate/3.0/SRPMS/zlib-1.2.1-2.2.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCzL11mqjQ0CJFipgRAtoAAKCS2oY1mYi5BSi6I9jAq16vIh6+1QCgo7Ti IiNyNXQCSbIG9OaFnpLqZt8= =0lQA -----END PGP SIGNATURE-----
Powered by blists - more mailing lists