[UPDATED] Fedora Legacy Test Update Notification: zlib

Marc Deslauriers marcdeslauriers at videotron.ca
Tue Aug 9 23:54:18 UTC 2005


These packages were updated to fix CAN-2005-1849 also.

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-162680
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
2005-08-09
---------------------------------------------------------------------

Name        : zlib
Versions    : fc1: zlib-1.2.0.7-2.3.legacy
Versions    : fc2: zlib-1.2.1.2-0.fc2.2.legacy
Summary     : The zlib compression and decompression library.
Description :
Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.

---------------------------------------------------------------------
Update Information:

Updated Zlib packages that fix a buffer overflow are now available.

Zlib is a general-purpose lossless data compression library which is
used by many different programs.

Tavis Ormandy discovered a buffer overflow affecting Zlib version 1.2
and above. An attacker could create a carefully crafted compressed
stream that would cause an application to crash if the stream is opened
by a user. As an example, an attacker could create a malicious PNG image
file which would cause a web browser or mail viewer to crash if the
image is viewed. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-2096 to this issue.

Markus Oberhumer discovered additional ways a stream could trigger an
overflow. An attacker could create a carefully crafted compressed stream
that would cause an application to crash if the stream is opened by a
user. As an example, an attacker could create a malicious PNG image file
that would cause a Web browser or mail viewer to crash if the image is
viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CAN-2005-1849 to this issue.

All users should update to these erratum packages which contain a patch
from Mark Adler which corrects this issue.

---------------------------------------------------------------------
Changelogs

fc1:
* Tue Aug 09 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.2.0.7-2.3.legacy
- Added patch for CAN-2005-1849

* Wed Jul 13 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 1.2.0.7-2.2.legacy
- Patch for buffer overflow (#162680) CAN-2005-2096

fc2:
* Tue Aug 09 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.2.1.2-0.fc2.2.legacy
- Added patch for CAN-2005-1849

* Wed Jul 13 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 1.2.1.2-0.fc2.1.legacy
- Patch buffer overflow (#162680), CAN-2005-2096

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

f242225e07d39648b0d7d6558150285ddf7f62d8
fedora/1/updates-testing/i386/zlib-1.2.0.7-2.3.legacy.i386.rpm
618d744e5a8f9a895b40f952a8593985c93fd6d6
fedora/1/updates-testing/i386/zlib-devel-1.2.0.7-2.3.legacy.i386.rpm
c812abcd0c5bcfccc86573e81d68ebff5b615ded
fedora/1/updates-testing/SRPMS/zlib-1.2.0.7-2.3.legacy.src.rpm
d07c43de860f476302fcd1fc82d18db1835e1ba1
fedora/2/updates-testing/i386/zlib-1.2.1.2-0.fc2.2.legacy.i386.rpm
f3326c134c6346ca8f120d86d28908ad45907bf9
fedora/2/updates-testing/i386/zlib-devel-1.2.1.2-0.fc2.2.legacy.i386.rpm
2d288f7b2dd848a4c3f36d3ff7c200b9b629c868
fedora/2/updates-testing/SRPMS/zlib-1.2.1.2-0.fc2.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
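
Added example, not part of the original advisory or of Fedora Legacy's tooling: the checksum list above puts each SHA-1 on its own line with the package path on the next, a layout `sha1sum -c` cannot read directly. The script pairs them up and checks downloaded RPMs; the function names and the idea of saving the advisory text to a file are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify downloaded RPMs against an advisory whose checksum
# list has the SHA-1 on one line and the package path on the following line.
# A match only shows the file is the one the advisory names; the advisory
# itself still has to come from a source you trust (it was PGP-signed).

# Read advisory text on stdin; print "<sha1>  <basename>" per package.
advisory_to_sha1sums() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF mail text
        # Exactly 40 lowercase hex characters: remember it as a SHA-1.
        /^[0-9a-f]+$/ && length($0) == 40 { hash = $0; next }
        # The line right after a hash, ending in .rpm, is its package path.
        hash != "" && /\.rpm$/ {
            n = split($1, parts, "/")
            printf "%s  %s\n", hash, parts[n]   # sha1sum -c input format
            hash = ""
            next
        }
        NF { hash = "" }                        # other text breaks a pair
    '
}

# verify_rpms ADVISORY_FILE RPM_DIR
# Checks every listed package that exists in RPM_DIR.
# Returns 0 if all match, 1 on any mismatch, 2 if nothing could be checked.
verify_rpms() {
    list=$(advisory_to_sha1sums < "$1") || return 2
    present=$(printf '%s\n' "$list" | while read -r sum file; do
        if [ -n "$file" ] && [ -f "$2/$file" ]; then
            printf '%s  %s\n' "$sum" "$file"
        fi
    done)
    if [ -z "$present" ]; then
        echo "no packages from the advisory found in $2" >&2
        return 2
    fi
    (cd "$2" && printf '%s\n' "$present" | sha1sum -c -)
}

# Usage (paths are placeholders):
#   verify_rpms advisory.txt ./downloads
```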