Debian Security Advisory

DSA-740-1 zlib -- remote denial of service

Date reported:
6 Jul 2005
Affected packages:
zlib
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2005-2096.
More information:

A flaw in the way zlib handles decompression of certain compressed files can cause a program that uses zlib to crash when it opens a corrupt file.

This problem does not affect the old stable distribution (woody).

In the stable distribution (sarge), this problem has been fixed in version 1.2.2-4.sarge.1.

In the unstable distribution, this problem has been fixed in version 1.2.2-7.

We recommend that you upgrade your zlib package.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.1.dsc
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.1.diff.gz
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_alpha.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_alpha.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_arm.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_arm.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_i386.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_i386.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_ia64.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_ia64.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_hppa.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_hppa.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_m68k.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_m68k.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_mips.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_mips.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_mipsel.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_mipsel.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_powerpc.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_powerpc.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.1_s390.deb
http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.1_s390.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_s390.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_s390.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.1_sparc.deb
http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.1_sparc.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_sparc.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_sparc.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.