lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050721100138.GA16454@piware.de>
Date: Thu Jul 21 11:01:44 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-151-1] zlib vulnerability

===========================================================
Ubuntu Security Notice USN-151-1	      July 21, 2005
zlib vulnerability
CAN-2005-1849
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

zlib1g

The problem can be corrected by upgrading the affected package to
version 1:1.2.1.1-3ubuntu1.2 (for Ubuntu 4.10), or 1:1.2.2-4ubuntu1.2
(for Ubuntu 5.04). 

A standard system upgrade is NOT SUFFICIENT to effect the necessary
changes! If you can afford to reboot your machine, this is the easiest
way to ensure that all services using this library are restarted
correctly. If not, please manually restart all server applications.

Details follow:

USN-148-1 fixed an improver input verification of zlib
(CAN-2005-2096). Markus Oberhumer discovered additional ways a
disrupted stream could trigger a buffer overflow and crash the
application using zlib, so another update is necessary.

zlib is used by hundreds of server and client applications, so this
vulnerability could be exploited to cause Denial of Service attacks to
almost all services provided by an Ubuntu system.

Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1-3ubuntu1.2.diff.gz
      Size/MD5:    15670 c9f25a7839f5a5c103ce683213e98110
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1-3ubuntu1.2.dsc
      Size/MD5:      615 3c59d27929838076fd33dbb71f8d64d3
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1.orig.tar.gz
      Size/MD5:   345935 a98b37434fb4508cb90d5606bfe8c716

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.2_amd64.deb
      Size/MD5:    27194 3e0dd478fb932b26ae44d7b5d2b648b6
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.2_amd64.deb
      Size/MD5:   423402 b6f656fa91f566abf059fed47b16a5bf
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.2_amd64.udeb
      Size/MD5:    42886 91a34004dbf0f27159d0fafb29e20662
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.2_amd64.deb
      Size/MD5:    66610 0e38cf14dcc7fcb4f2ecce443eee1db2

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.2_i386.deb
      Size/MD5:    24598 260d26e6f16655ad34165bc61bcd562b
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.2_i386.deb
      Size/MD5:   403864 1377635e147cbe87012ad485fe540fcc
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.2_i386.udeb
      Size/MD5:    37378 5fe41e0adc5cc363da7df70bb542ef84
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.2_i386.deb
      Size/MD5:    61122 02c57d6b9c2fff96f068a3e55478a46d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.2_powerpc.deb
      Size/MD5:    29276 b3d70bc4dd8f602847ae6cacb757856c
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.2_powerpc.deb
      Size/MD5:   442116 f82df965fd614de3e372856611ca767c
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.2_powerpc.udeb
      Size/MD5:    44778 cbb30266486666a2c6bada98fa0c3590
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.2_powerpc.deb
      Size/MD5:    68712 a8ee86ad9b5ccffb88b060745482b3c8

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2-4ubuntu1.2.diff.gz
      Size/MD5:    15117 e6d6ecb1aa566866cdbf1514f24a9fef
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2-4ubuntu1.2.dsc
      Size/MD5:      691 958db7bd20c218a240d212d23f740e48
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2.orig.tar.gz
      Size/MD5:   430700 d43dabe3d374e299f2631c5fc5ce31f5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.2_amd64.deb
      Size/MD5:    28284 7f8be8ea9f1f07f0fb85a9a05d26fb80
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.2_amd64.deb
      Size/MD5:   503050 ad5a80352f07abfe7b22b22171969249
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.2_amd64.udeb
      Size/MD5:    42920 437a7c8359db9540cace6c4305fd516d
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.2_amd64.deb
      Size/MD5:    67868 2dd68a25dfa7803067c6b2616865367e

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.2_i386.deb
      Size/MD5:    25568 be825d29e03b67083757defc390e6a42
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.2_i386.deb
      Size/MD5:   483986 4ce5a8181cb12ecea1bee98d876d677f
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.2_i386.udeb
      Size/MD5:    37402 8503f5c38be3a1551198a56f9d06394f
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.2_i386.deb
      Size/MD5:    62416 a9db1c1d89e2b80cd0d4a7a77a41d501

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.2_powerpc.deb
      Size/MD5:    30344 2294d0e743c50ecbfd2e998ddc797b06
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.2_powerpc.deb
      Size/MD5:   523122 71c0cce57a9b9d33f24b05f6fa0d7177
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.2_powerpc.udeb
      Size/MD5:    44788 f78614ffae7658d92f0b58524f04909e
    http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.2_powerpc.deb
      Size/MD5:    69998 95b5de13a5d4c9c7c2aa3962f2cd1b18
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050721/137889f5/attachment.bin

Powered by blists - more mailing lists