[PLDSA 37-1] New zlib packages fix remote arbitrary code execution

Krzysiek Taraszka dzimi at pld.org.pl
Sat May 3 15:43:12 CEST 2003


--------------------------------------------------------------------------
PLD Security Advisory PLDSA 37-1                        security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
07 March 2003				http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------

Package        : prior to zlib-1.1.4-5
Vulnerability  : arbitrary code execution
Problem-Type   : remote
PLD-specific   : no
BugTraq ID     : 6913
CVE references : CAN-2003-0107

Richard Kettlewell discovered a buffer overflow in the gzprintf()
function provided by zlib. If a program passes untrusted data to this
function (e.g. data taken from remote images or network traffic), a
remote attacker can execute arbitrary code or cause a denial of service
in that program.
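The bug class described above is a printf-style helper that formats caller-supplied data into a fixed-size buffer with no bound on the output length. The following is an added example written for this advisory, not zlib's gzprintf() and not code from the patched package: it shows the unchecked pattern in a comment and a bounded replacement that refuses output that does not fit. All function names, buffer sizes and sample inputs are invented for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Unchecked pattern (the vulnerable shape, not compiled here):
 *
 *     char buf[4096];
 *     vsprintf(buf, fmt, va);   // writes past buf when the output is longer
 *
 * The hardened form below uses vsnprintf, checks its return value, and
 * treats output that would not fit as a failure rather than truncating
 * silently. Illustrative code, not zlib's gzprintf().
 */

/* Format into buf (bufsize bytes). Returns the number of characters written
   (excluding the NUL), or -1 if the result would not fit or formatting failed.
   On -1 the buffer is left as an empty string so callers cannot consume a
   partially formatted record. */
int bounded_format(char *buf, size_t bufsize, const char *fmt, ...)
{
    va_list va;
    int len;

    if (buf == NULL || bufsize == 0)
        return -1;

    va_start(va, fmt);
    len = vsnprintf(buf, bufsize, fmt, va);   /* never writes more than bufsize bytes */
    va_end(va);

    if (len < 0 || (size_t)len >= bufsize) {  /* encoding error, or output was truncated */
        buf[0] = '\0';
        return -1;
    }
    return len;
}

/* Constructed sample input: an ordinary value that fits the record buffer. */
int demo_normal_input_accepted(void)
{
    char record[64];
    int n = bounded_format(record, sizeof record, "name=%s\n", "alice");
    return n == 11 && strcmp(record, "name=alice\n") == 0;
}

/* Constructed sample input: a value far longer than the record buffer, the
   situation in which the unchecked vsprintf pattern overruns the stack. */
int demo_oversized_input_rejected(void)
{
    char record[64];
    char untrusted[200];
    int n;

    memset(untrusted, 'A', sizeof untrusted - 1);
    untrusted[sizeof untrusted - 1] = '\0';
    n = bounded_format(record, sizeof record, "name=%s\n", untrusted);
    return n == -1 && record[0] == '\0';
}

/* Boundary check: an output of exactly bufsize-1 characters fits, one more
   does not (the terminating NUL needs the last byte). */
int demo_exact_boundary(void)
{
    char small[8];
    int fits = bounded_format(small, sizeof small, "%s", "1234567");
    int over = bounded_format(small, sizeof small, "%s", "12345678");
    return fits == 7 && over == -1;
}

int main(void)
{
    printf("normal input accepted:    %d\n", demo_normal_input_accepted());
    printf("oversized input rejected: %d\n", demo_oversized_input_rejected());
    printf("exact boundary handled:   %d\n", demo_exact_boundary());
    return 0;
}
```

The important design choice is the check on the return value of vsnprintf: bounding the write alone stops the overflow, but silently truncated output can still corrupt a record, so the caller is told the write failed.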

The above problems have been fixed in version 1.1.4-6 for the
current stable distribution (ra).

We recommend that you upgrade your zlib packages.

wget -c url
        will fetch the file for you
rpm -Uhv file(s)*.rpm
        will upgrade the referenced file(s).

If you are using "poldek" as the package manager, use the lines given below
to upgrade the packages:

poldek --update
        will update the internal database
poldek --upgrade 'zlib*'
        will install corrected packages

If you are using "apt" as the package manager, use the lines given below
to upgrade the packages:

apt-get update
        will update the internal database
apt-get upgrade 'zlib*'
        will install corrected packages

PLD Linux 1.0 alias ra
----------------------

  Source archives:

ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/zlib-1.1.4-6.src.rpm
       MD5 checksum: a9b5435fc088396475fe155ab2538be7

  I386 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/zlib-1.1.4-6.i386.rpm
       MD5 checksum: da902e291e0f3819cc32e81eab500b61

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/zlib-devel-1.1.4-6.i386.rpm
       MD5 checksum: 7e9d770fb0b7fa6322af49fe9ca1f27d

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/zlib-static-1.1.4-6.i386.rpm
       MD5 checksum: 6d9e532d660b3aa9bb7f079adb7b24b9


  I586 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/zlib-1.1.4-6.i586.rpm
       MD5 checksum: fe1b5727bfaccb3fb6f9b06436dc7555

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/zlib-devel-1.1.4-6.i586.rpm
       MD5 checksum: 4135bde71a8f5376cccb02c5249d8f68

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/zlib-static-1.1.4-6.i586.rpm
       MD5 checksum: 341f87bcf82c5dcf20ff50343d559ee2


  I686 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/zlib-1.1.4-6.i686.rpm
       MD5 checksum: 4b59c00f7b2ea62c720c7130e2c0e34d

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/zlib-devel-1.1.4-6.i686.rpm
       MD5 checksum: 15287f6a116141d7ed276c45ce76eda0

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/zlib-static-1.1.4-6.i686.rpm
       MD5 checksum: 503fd81cf6259b479c7e0b2af2062f69


  PowerPC Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/zlib-1.1.4-6.ppc.rpm
       MD5 checksum: 9e813c04ba856148c01a4489e63d006f

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/zlib-devel-1.1.4-6.ppc.rpm
       MD5 checksum: 9d63e226dfb397de6b0a5478702cdc86

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/zlib-static-1.1.4-6.ppc.rpm
       MD5 checksum: 2c0b782e73062758dd9507f9dbac9fe0


--------------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.

For i386 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security
