Fedora Legacy Test Update Notification: zlib

Marc Deslauriers marcdeslauriers at videotron.ca
Sat Jul 16 18:57:41 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-162680
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
2005-07-16
---------------------------------------------------------------------

Name        : zlib
Versions    : fc1: zlib-1.2.0.7-2.2.legacy
Versions    : fc2: zlib-1.2.1.2-0.fc2.1.legacy
Summary     : The zlib compression and decompression library.
Description :
Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.

---------------------------------------------------------------------
Update Information:

Updated Zlib packages that fix a buffer overflow are now available.

Zlib is a general-purpose lossless data compression library which is
used by many different programs.

Tavis Ormandy discovered a buffer overflow affecting Zlib version 1.2
and above. An attacker could create a carefully crafted compressed
stream that would cause an application to crash if the stream is opened
by a user. As an example, an attacker could create a malicious PNG image
file which would cause a web browser or mail viewer to crash if the
image is viewed. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-2096 to this issue.

All users should update to these erratum packages which contain a patch
from Mark Adler which corrects this issue.

---------------------------------------------------------------------
Changelogs

fc1:
* Wed Jul 13 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 1.2.0.7-2.2.legacy
- Patch for buffer overflow (#162680) CAN-2005-2096

fc2:
* Wed Jul 13 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 1.2.1.2-0.fc2.1.legacy
- Patch buffer overflow (#162680), CAN-2005-2096

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

8638918082aaee312e8311ddf56391cf88bd621a
fedora/1/updates-testing/i386/zlib-1.2.0.7-2.2.legacy.i386.rpm
aafba6e837b2c82ba79affe61b0ef71863505fba
fedora/1/updates-testing/i386/zlib-devel-1.2.0.7-2.2.legacy.i386.rpm
9cca71f3eeb03dad93851d6c66e70773f8369070
fedora/1/updates-testing/SRPMS/zlib-1.2.0.7-2.2.legacy.src.rpm
7ec6202d58ed3a41f3575757b111ab88622081d7
fedora/2/updates-testing/i386/zlib-1.2.1.2-0.fc2.1.legacy.i386.rpm
450f8ce4f02f36dbee569c0a9fdbe772829dce15
fedora/2/updates-testing/i386/zlib-devel-1.2.1.2-0.fc2.1.legacy.i386.rpm
64599917d793d263bbc522d8b0da1495577ca55e
fedora/2/updates-testing/SRPMS/zlib-1.2.1.2-0.fc2.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
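
The sha1sums block above puts each digest on one line and its path on the next, a layout `sha1sum -c` cannot read directly. The script below is an added example, not part of the original advisory or of any Fedora Legacy tooling: it pairs the lines up and checks a local download tree. The function names and the constructed sample file are assumptions for illustration.

```shell
#!/bin/sh
# Pair each 40-hex digest line with the path line that follows it and emit
# "digest  path" lines, the format that `sha1sum -c` reads.
advisory_to_manifest() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF mail bodies
        length($0) == 40 && $0 !~ /[^0-9a-f]/ { digest = $0; next }
        digest != "" && NF == 1               { print digest "  " $1 }
        { digest = "" }                         # any other line ends a pair
    '
}

# verify_advisory ADVISORY_FILE DOWNLOAD_ROOT
# Returns 0 only if the advisory yields at least one digest/path pair and every
# listed file exists under DOWNLOAD_ROOT with a matching SHA-1 digest.
verify_advisory() {
    manifest=$(advisory_to_manifest < "$1") || return 2
    [ -n "$manifest" ] || { echo "no digests found in $1" >&2; return 2; }
    ( cd "$2" && printf '%s\n' "$manifest" | sha1sum -c - )
}

# Constructed sample (not a real RPM): a stand-in file at an advisory-style
# path, plus an advisory excerpt whose digest is computed from that file.
make_sample() {
    pkg=fedora/1/updates-testing/i386/constructed-example.i386.rpm
    mkdir -p "$1/$(dirname "$pkg")" &&
    printf 'constructed package bytes\n' > "$1/$pkg" &&
    { echo "(sha1sums)"; echo
      sha1sum < "$1/$pkg" | cut -d' ' -f1; echo "$pkg"; } > "$1/advisory.txt"
}

# Run with --demo to build the constructed sample and verify it.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_sample "$tmp" &&
        verify_advisory "$tmp/advisory.txt" "$tmp"
fi
```

For real use, save the advisory text to a file and pass the directory that contains the `fedora/` tree as the second argument; a missing file, a digest mismatch, or an advisory with no parsable digests all produce a non-zero exit status.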