Säkerhetsbulletin från Debian

DSA-763-1 zlib -- överbelastningsattack

Rapporterat den:
2005-07-20
Berörda paket:
zlib
Sårbara:
Ja
Referenser i säkerhetsdatabaser:
I Mitres CVE-förteckning: CVE-2005-1849.
Ytterligare information:

Markus Oberhumer upptäckte ett fel i sättet zlib, ett bibliotek som används för filkomprimering/-dekomprimering, hanterar felaktig indata. Felet kan få program som använder zlib att krascha när en felaktig fil öppnas.

Detta problem påverkar inte det gamla stabila distributionen (Woody).

För den nuvarande stabila utgåvan (Sarge) har detta problem rättats i version 1.2.2-4.sarge.2.

För den instabila utgåvan (Sid) har detta problem rättats i version 1.2.3-1.

Vi rekommenderar att ni uppgraderar ert zlib-paket.

Rättat i:

Debian GNU/Linux 3.1 (stable)

Källkod:
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2.orig.tar.gz
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.dsc
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz
Alpha:
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_alpha.udeb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_arm.udeb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_hppa.udeb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_i386.udeb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_ia64.udeb
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_ia64.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_m68k.udeb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_m68k.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_mips.udeb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_mipsel.udeb
PowerPC:
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_powerpc.udeb
IBM S/390:
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_s390.udeb
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_sparc.udeb
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.