Login
Newsletter
Werbung

Sicherheit: Speicherkorruption in zlib
Aktuelle Meldungen Distributionen
Name: Speicherkorruption in zlib
ID:
Distribution: Slackware
Plattformen: Slackware -current, Slackware 7.1, Slackware 8.0
Datum: Mi, 13. März 2002, 12:00
Referenzen: Keine Angabe
Applikationen: zlib

Originalnachricht

New zlib packages are available to fix a security problem which may impact
programs that link with zlib.

Here's the information from the Slackware 8.0 ChangeLog:

----------------------------
Mon Mar 11 13:32:40 PST 2002
patches/packages/zlib.tgz: Upgraded to zlib-1.1.4. This fixes a security
problem which may introduce vulnerabilities into any program that links with
zlib. Quoting the advisory on zlib.org:

"Depending upon how and where the zlib routines are called from the given
program, the resulting vulnerability may have one or more of the following
impacts: denial of service, information leakage, or execution of arbitrary
code."

Sites are urged to upgrade the zlib package immediately.

The complete advisory may be found here:
http://www.zlib.org/advisory-2002-03-11.txt

(* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated zlib package for Slackware 7.1:
ftp://ftp.slackware.com/pub/slackware/slackware-7.1/patches/packages/zlib.tgz

Updated zlib package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/zlib.tgz

Updated zlib package for Slackware -current:
zlib-1.1.4-i386-1.tgz


MD5 SIGNATURE:
--------------

Here is the md5sum for the package:

Slackware 7.1:
8371e3ea1d8d0f624edc43ede13e82dd zlib.tgz

Slackware 8.0:
7e5187be97632b446c214cf62fc94fff zlib.tgz

Slackware -current:
5d9968475642c822ae11cce8c5504ece zlib-1.1.4-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

As root, upgrade to the new zlib.tgz package:
# upgradepkg zlib.tgz

Afterwards, restart any running programs that link to libz.so.

Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
http://www.slackware.com


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung