lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050721100138.GA16454@piware.de> Date: Thu Jul 21 11:01:44 2005 From: martin.pitt at canonical.com (Martin Pitt) Subject: [USN-151-1] zlib vulnerability =========================================================== Ubuntu Security Notice USN-151-1 July 21, 2005 zlib vulnerability CAN-2005-1849 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: zlib1g The problem can be corrected by upgrading the affected package to version 1:1.2.1.1-3ubuntu1.2 (for Ubuntu 4.10), or 1:1.2.2-4ubuntu1.2 (for Ubuntu 5.04). A standard system upgrade is NOT SUFFICIENT to effect the necessary changes! If you can afford to reboot your machine, this is the easiest way to ensure that all services using this library are restarted correctly. If not, please manually restart all server applications. Details follow: USN-148-1 fixed an improver input verification of zlib (CAN-2005-2096). Markus Oberhumer discovered additional ways a disrupted stream could trigger a buffer overflow and crash the application using zlib, so another update is necessary. zlib is used by hundreds of server and client applications, so this vulnerability could be exploited to cause Denial of Service attacks to almost all services provided by an Ubuntu system. Updated packages for Ubuntu 4.10 (Warty Warthog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1-3ubuntu1.2.diff.gz Size/MD5: 15670 c9f25a7839f5a5c103ce683213e98110 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1-3ubuntu1.2.dsc Size/MD5: 615 3c59d27929838076fd33dbb71f8d64d3 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1.orig.tar.gz Size/MD5: 345935 a98b37434fb4508cb90d5606bfe8c716 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.2_amd64.deb Size/MD5: 27194 3e0dd478fb932b26ae44d7b5d2b648b6 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.2_amd64.deb Size/MD5: 423402 b6f656fa91f566abf059fed47b16a5bf http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.2_amd64.udeb Size/MD5: 42886 91a34004dbf0f27159d0fafb29e20662 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.2_amd64.deb Size/MD5: 66610 0e38cf14dcc7fcb4f2ecce443eee1db2 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.2_i386.deb Size/MD5: 24598 260d26e6f16655ad34165bc61bcd562b http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.2_i386.deb Size/MD5: 403864 1377635e147cbe87012ad485fe540fcc http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.2_i386.udeb Size/MD5: 37378 5fe41e0adc5cc363da7df70bb542ef84 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.2_i386.deb Size/MD5: 61122 02c57d6b9c2fff96f068a3e55478a46d powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.2_powerpc.deb Size/MD5: 29276 b3d70bc4dd8f602847ae6cacb757856c http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.2_powerpc.deb Size/MD5: 442116 f82df965fd614de3e372856611ca767c http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.2_powerpc.udeb Size/MD5: 44778 cbb30266486666a2c6bada98fa0c3590 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.2_powerpc.deb Size/MD5: 68712 a8ee86ad9b5ccffb88b060745482b3c8 Updated packages for Ubuntu 5.04 (Hoary Hedgehog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2-4ubuntu1.2.diff.gz Size/MD5: 15117 e6d6ecb1aa566866cdbf1514f24a9fef http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2-4ubuntu1.2.dsc Size/MD5: 691 958db7bd20c218a240d212d23f740e48 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2.orig.tar.gz Size/MD5: 430700 d43dabe3d374e299f2631c5fc5ce31f5 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.2_amd64.deb Size/MD5: 28284 7f8be8ea9f1f07f0fb85a9a05d26fb80 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.2_amd64.deb Size/MD5: 503050 ad5a80352f07abfe7b22b22171969249 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.2_amd64.udeb Size/MD5: 42920 437a7c8359db9540cace6c4305fd516d http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.2_amd64.deb Size/MD5: 67868 2dd68a25dfa7803067c6b2616865367e i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.2_i386.deb Size/MD5: 25568 be825d29e03b67083757defc390e6a42 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.2_i386.deb Size/MD5: 483986 4ce5a8181cb12ecea1bee98d876d677f http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.2_i386.udeb Size/MD5: 37402 8503f5c38be3a1551198a56f9d06394f http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.2_i386.deb Size/MD5: 62416 a9db1c1d89e2b80cd0d4a7a77a41d501 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.2_powerpc.deb Size/MD5: 30344 2294d0e743c50ecbfd2e998ddc797b06 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.2_powerpc.deb Size/MD5: 523122 71c0cce57a9b9d33f24b05f6fa0d7177 http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.2_powerpc.udeb Size/MD5: 44788 f78614ffae7658d92f0b58524f04909e http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.2_powerpc.deb Size/MD5: 69998 95b5de13a5d4c9c7c2aa3962f2cd1b18 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050721/137889f5/attachment.bin
Powered by blists - more mailing lists