Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in zlib
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in zlib
ID: USN-148-1
Distribution: Ubuntu
Plattformen: Ubuntu 4.10, Ubuntu 5.04
Datum: Do, 7. Juli 2005, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2096
Applikationen: zlib

Originalnachricht

===========================================================
Ubuntu Security Notice USN-148-1 July 06, 2005
zlib vulnerability
CAN-2005-2096
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

zlib1g

The problem can be corrected by upgrading the affected package to
version 1:1.2.1.1-3ubuntu1.1 (for Ubuntu 4.10), or 1:1.2.2-4ubuntu1.1
(for Ubuntu 5.04). A standard system upgrade is NOT SUFFICIENT to
effect the necessary changes! If you can afford to reboot your
machine, this is the easiest way to ensure that all services using
this library are restarted correctly. If not, please manually restart
all server applications.

Details follow:

Tavis Ormandy discovered that zlib did not properly verify data
streams. Decompressing certain invalid compressed files caused
corruption of internal data structures, which caused applications
which link to zlib to crash. Specially crafted input might even have
allowed arbitrary code execution.

zlib is used by hundreds of server and client applications, so this
vulnerability could be exploited to cause Denial of Service attacks to
almost all services provided by an Ubuntu system.


Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

zlib_1.2.1.1-3ubuntu1.1.diff.gz
Size/MD5: 15294 f90b9336bb009307dee87f0677cb07c4
zlib_1.2.1.1-3ubuntu1.1.dsc
Size/MD5: 615 887dceeeda873436c0ce2b4660e63377
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1.orig.tar.gz
Size/MD5: 345935 a98b37434fb4508cb90d5606bfe8c716

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

zlib-bin_1.2.1.1-3ubuntu1.1_amd64.deb
Size/MD5: 27118 77ac7d268147f196ff8a4feaa6866dd8
zlib1g-dev_1.2.1.1-3ubuntu1.1_amd64.deb
Size/MD5: 423318 5e5f70c5c94c033da2f64ea4a82d08c8
zlib1g-udeb_1.2.1.1-3ubuntu1.1_amd64.udeb
Size/MD5: 42886 1e36349fb14a54dc56202d4b6640716c
zlib1g_1.2.1.1-3ubuntu1.1_amd64.deb
Size/MD5: 66528 f412e92660ecc41753414ea5d102dbbd

i386 architecture (x86 compatible Intel/AMD)

zlib-bin_1.2.1.1-3ubuntu1.1_i386.deb
Size/MD5: 24534 ec183c8a2dd78e89223221645eecdd9f
zlib1g-dev_1.2.1.1-3ubuntu1.1_i386.deb
Size/MD5: 403758 3672c8a4f230da49e3e16864470f7ab8
zlib1g-udeb_1.2.1.1-3ubuntu1.1_i386.udeb
Size/MD5: 37376 7257b1ea59d4b44eec00697b029e57cc
zlib1g_1.2.1.1-3ubuntu1.1_i386.deb
Size/MD5: 61050 feee9d9af349d90187c03e1be78632ec

powerpc architecture (Apple Macintosh G3/G4/G5)

zlib-bin_1.2.1.1-3ubuntu1.1_powerpc.deb
Size/MD5: 29202 d58be04c1b03d8f93e1b17a9edc549bb
zlib1g-dev_1.2.1.1-3ubuntu1.1_powerpc.deb
Size/MD5: 442080 47e9e0793350614629efe7773e26a785
zlib1g-udeb_1.2.1.1-3ubuntu1.1_powerpc.udeb
Size/MD5: 44776 b6157cc917d46b09f7cab5572c4470eb
zlib1g_1.2.1.1-3ubuntu1.1_powerpc.deb
Size/MD5: 68632 2af71690bbc01ce9f529ac757498bb3e

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

zlib_1.2.2-4ubuntu1.1.diff.gz
Size/MD5: 14745 c5ced6c988fcb1e8180f16cc1f9e8d65
zlib_1.2.2-4ubuntu1.1.dsc
Size/MD5: 691 853cdc541aff78f04b7bbf13ade880c8
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2.orig.tar.gz
Size/MD5: 430700 d43dabe3d374e299f2631c5fc5ce31f5

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

zlib-bin_1.2.2-4ubuntu1.1_amd64.deb
Size/MD5: 28218 86c4889da912f447bad2ab386f131690
zlib1g-dev_1.2.2-4ubuntu1.1_amd64.deb
Size/MD5: 503058 b2f83435552a145880af3fa4b54ed9f3
zlib1g-udeb_1.2.2-4ubuntu1.1_amd64.udeb
Size/MD5: 42918 e858fbf107b7ca9c9c4763bcb33358fc
zlib1g_1.2.2-4ubuntu1.1_amd64.deb
Size/MD5: 67790 179d1749c638e9764fbbdc8ecaa8ed9b

i386 architecture (x86 compatible Intel/AMD)

zlib-bin_1.2.2-4ubuntu1.1_i386.deb
Size/MD5: 25488 2798762828ab44c404de6dd193ff84b3
zlib1g-dev_1.2.2-4ubuntu1.1_i386.deb
Size/MD5: 483792 5d9d1e58b33084101f8679e0319b5af0
zlib1g-udeb_1.2.2-4ubuntu1.1_i386.udeb
Size/MD5: 37400 8fe0adc941ee1fbc4d8b00c5cde1d89a
zlib1g_1.2.2-4ubuntu1.1_i386.deb
Size/MD5: 62330 910f69ead9ae59caa3e04985bf08a9a1

powerpc architecture (Apple Macintosh G3/G4/G5)

zlib-bin_1.2.2-4ubuntu1.1_powerpc.deb
Size/MD5: 30272 6a474a56695c5ec180acc63b0915d17e
zlib1g-dev_1.2.2-4ubuntu1.1_powerpc.deb
Size/MD5: 522986 ba9c4d53d8b223141460d33f781019c8
zlib1g-udeb_1.2.2-4ubuntu1.1_powerpc.udeb
Size/MD5: 44792 7f4796a14f6a3a06a6a1c89555437b11
zlib1g_1.2.2-4ubuntu1.1_powerpc.deb
Size/MD5: 69918 09101f2dda0bddef945b8681de9bf8d5





--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung