Fedora Legacy Test Update Notification: zlib

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Feb 10 02:16:17 UTC 2005 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2043
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2043
2005-02-09
---------------------------------------------------------------------

Name        : zlib
Versions    : fc1: zlib-1.2.0.7-2.1.legacy
Summary     : The zlib compression and decompression library.
Description :
Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.

---------------------------------------------------------------------
Update Information:

An updated zlib package that fixes a security flaws is now available.

Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.

Johan Thelmen reported that a specially crafted file can cause a
segmentation fault in zlib as the inflate() and inflateBack() functions
do not properly handle errors. An attacker could construct a carefully
crafted file that could cause a crash or possibly execute arbitrary code
when opened. The specific impact depends on the application using zlib.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0797 to this issue.

Users of zlib are advised to upgrade to this errata package, which
contains a backported patch correcting this issue.

---------------------------------------------------------------------
Changelogs

fc1:
* Fri Nov 19 2004 Rob Myers <rob.myers at gtri.gatech.edu> 1.2.0.7-2.1.legacy
- apply patch for CAN-2004-0797 (FL #2043)

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

fc1:
815ce5cc7d77184e8075d7b81f16ae94f620ffea 
fedora/1/updates-testing/i386/zlib-1.2.0.7-2.1.legacy.i386.rpm
e7364e589e0a06615c3a02235e54619ca58d0997 
fedora/1/updates-testing/i386/zlib-devel-1.2.0.7-2.1.legacy.i386.rpm
4013ab1384694342ed5083f843c2b78d1f4082a7 
fedora/1/updates-testing/SRPMS/zlib-1.2.0.7-2.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050209/54e01bfa/attachment.sig>

More information about the fedora-legacy-list mailing list