Mandrake alert: packages containing zlib update

Posted by dave on Mar 13, 2002 3:56 PM EDT
Mailing list
Mail this story
Print this story

Matthias Clasen found a security issue in zlib that, when provided with certain input, causes zlib to free an area of memory twice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory ________________________________________________________________________

Package name: packages containing zlib Advisory ID: MDKSA-2002:023-1 Date: March 13th, 2002 Original Advisory Date: March 12th, 2002 Affected versions: 7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1 ________________________________________________________________________

Problem Description:

Matthias Clasen found a security issue in zlib that, when provided with certain input, causes zlib to free an area of memory twice. This "double free" bug can be used to crash any programs that take untrusted compressed input, such as web browsers, email clients, image viewing software, etc. This vulnerability can be used to perform Denial of Service attacks and, quite possibly, the execution of arbitrary code on the affected system.

MandrakeSoft has published two advisories concerning this incident:

MDKSA-2002:022 - zlib MDKSA-2002:023 - packages containing zlib

Update:

Additional package are now available. For a list of prior packages released, please see MDKSA-2002:023. The noted packages below are in addition to MDKSA-2002:023; no packages have been replaced. ________________________________________________________________________

References:

http://www.kb.cert.org/vuls/id/368819 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0059 ________________________________________________________________________

Updated Packages:

Linux-Mandrake 7.1: 2d27c00ee4d2ab51a6aadb8f40dad47f 7.1/RPMS/mirrordir-0.10.44-4.2mdk.i586.rpm 338b5c6dcbb77ed47af0872d7ab25546 7.1/SRPMS/mirrordir-0.10.44-4.2mdk.src.rpm

Linux-Mandrake 7.2: 66c94355997803c9882290a0b0cb5d0d 7.2/RPMS/mirrordir-0.10.44-4.1mdk.i586.rpm 1f97eb5eeb8289cc467075f954adf8d5 7.2/SRPMS/mirrordir-0.10.44-4.1mdk.src.rpm

Mandrake Linux 8.0: 5b57acce2c0d4d540a976732708e9fb1 8.0/RPMS/libdiffie1-0.10.49-4.1mdk.i586.rpm e5d13156d7d49283b7d38454146a1061 8.0/RPMS/libdiffie1-devel-0.10.49-4.1mdk.i586.rpm dc76274eeebe8f532dc2d3f9bd609de7 8.0/RPMS/libgcj-2.96-2.1mdk.i586.rpm c7797c0a4d1db9cc989e556824e32b5b 8.0/RPMS/libgcj-devel-2.96-2.1mdk.i586.rpm 87145d7098dbfe2ba2afe9221975de20 8.0/RPMS/libmirrordirz1-0.10.49-4.1mdk.i586.rpm 6d18ea3747ed788ea810e08740657be4 8.0/RPMS/libmirrordirz1-devel-0.10.49-4.1mdk.i586.rpm 0a51fab455d57ff2a077a0ca67c92f84 8.0/RPMS/mirrordir-0.10.49-4.1mdk.i586.rpm 33aa51f4fd5001939fa0da7595ae71f2 8.0/SRPMS/libgcj-2.96-2.1mdk.src.rpm a3418ab0c7871a9dae31c6d0c4ec8297 8.0/SRPMS/mirrordir-0.10.49-4.1mdk.src.rpm

Mandrake Linux 8.0/ppc: 3354f857f116912c46e25d8da41a96b4 ppc/8.0/RPMS/libdiffie1-0.10.49-4.1mdk.ppc.rpm 55adf8d07c9f2a6fb6f805586aaa2158 ppc/8.0/RPMS/libdiffie1-devel-0.10.49-4.1mdk.ppc.rpm 4f038b0280b46da823cbeccd247ee2e9 ppc/8.0/RPMS/libmirrordirz1-0.10.49-4.1mdk.ppc.rpm 7acd9c8829ae6158a0a33b6e90ff6f09 ppc/8.0/RPMS/libmirrordirz1-devel-0.10.49-4.1mdk.ppc.rpm 73a05a049a7abbacf6418099b40b85bf ppc/8.0/RPMS/mirrordir-0.10.49-4.1mdk.ppc.rpm a3418ab0c7871a9dae31c6d0c4ec8297 ppc/8.0/SRPMS/mirrordir-0.10.49-4.1mdk.src.rpm

Mandrake Linux 8.1: dad3b87f67063c3b3f408f1d5bc3f563 8.1/RPMS/libdiffie1-0.10.49-4.1mdk.i586.rpm 9ebbd056896bcd37a7529fc691d6e630 8.1/RPMS/libdiffie1-devel-0.10.49-4.1mdk.i586.rpm e1892ff3678c5834939ac126d2b5099e 8.1/RPMS/libgcj-2.96-4.1mdk.i586.rpm a7b86d4d31b8db6fc6d52d9af2adb363 8.1/RPMS/libgcj-devel-2.96-4.1mdk.i586.rpm 39a8ac80320b606dfee1351793588129 8.1/RPMS/libmirrordirz1-0.10.49-4.1mdk.i586.rpm d6a48a1475811246cb7c81c6d215d88c 8.1/RPMS/libmirrordirz1-devel-0.10.49-4.1mdk.i586.rpm 8cf0df0d8d996424fbdee0f2063935d0 8.1/RPMS/mirrordir-0.10.49-4.1mdk.i586.rpm 8c7ddb0e3765fa6a5ee8e2eac72dcaca 8.1/SRPMS/libgcj-2.96-4.1mdk.src.rpm a3418ab0c7871a9dae31c6d0c4ec8297 8.1/SRPMS/mirrordir-0.10.49-4.1mdk.src.rpm

Mandrake Linux 8.1/ia64: da3cc5c42395aaf89ef77c877c6e8909 ia64/8.1/RPMS/libdiffie1-0.10.49-4.1mdk.ia64.rpm 8635c1d2707c026c0f8026dfccc3a6c1 ia64/8.1/RPMS/libdiffie1-devel-0.10.49-4.1mdk.ia64.rpm 7258fbf7a30dae9da9418bbd11baeca8 ia64/8.1/RPMS/libmirrordirz1-0.10.49-4.1mdk.ia64.rpm e0f35d1d2685b2a9a3cf7ec3c8231102 ia64/8.1/RPMS/libmirrordirz1-devel-0.10.49-4.1mdk.ia64.rpm 7b6daba21f5b12bdb75c712a467abfb6 ia64/8.1/RPMS/mirrordir-0.10.49-4.1mdk.ia64.rpm a3418ab0c7871a9dae31c6d0c4ec8297 ia64/8.1/SRPMS/mirrordir-0.10.49-4.1mdk.src.rpm

Corporate Server 1.0.1: 2d27c00ee4d2ab51a6aadb8f40dad47f 1.0.1/RPMS/mirrordir-0.10.44-4.2mdk.i586.rpm 338b5c6dcbb77ed47af0872d7ab25546 1.0.1/SRPMS/mirrordir-0.10.44-4.2mdk.src.rpm ________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

________________________________________________________________________

To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

rpm --checksig <filename>

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team from:

https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security@linux-mandrake.com ________________________________________________________________________

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security@linux-mandrake.com>

- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.5 (GNU/Linux) Comment: For info see http://www.gnupg.org

mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7 WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg 2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy /NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPa5AQ0EOWnn 7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ9F77 9FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzRxBXV Jb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z269s +A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN6SCX Vl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZjTcl 3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo0NAi RYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJEJGX lA== =0ahQ - -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org

iD8DBQE8j/SEmqjQ0CJFipgRAnJGAJ0ZMxFuUKcsg3q0dagkwgEtJ3hi6wCg090i dYqLLUyRAQWnWjBfTrmAO04= =Y1D9 -----END PGP SIGNATURE-----

  Nav
» Read more about: Story Type: Security; Groups: Mandriva

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.