Aviso de seguridad de Debian
DSA-122-1 zlib -- error de malloc (doble liberación)
- Fecha del informe:
- 11 de mar de 2002
- Paquetes afectados:
- zlib
- Vulnerable:
- Sí
- Referencias a bases de datos de seguridad:
- En el diccionario CVE de Mitre: CVE-2002-0059.
- Información adicional:
-
La biblioteca de compresión zlib tiene un defecto en el que intenta liberar memoria más de una vez bajo ciertas condiciones. Esto puede ser explotado posiblemente para ejecutar código arbitrario en un programa que incluya zlib. Si una aplicación de red se está ejecutando como root y está enlazada a zlib, esto podría conducir potencialmente a un compromiso de seguridad remota de root. No se conocen explotaciones en este momento. Esta vulnerabilidad está asignada con el nombre candidato de CVE de CAN-2002-0059.
La vulnerabilidd de zlib está arreglada en los paquetes zlib de Debian versión 1.1.3-5.1. Un número de programas están enlazados estáticamente a zlib o incluyen una copia privada del código de zlib. Estos programas también se deben actualizar para eliminar la vulnerabilidad de zlib. Los paquetes afectados y las versiones arregladas se exponen a continuación:
- amaya 2.4-1potato1
- dictd 1.4.9-9potato1
- erlang 49.1-10.1
- freeamp 2.0.6-2.1
- mirrordir 0.10.48-2.1
- ppp 2.3.11-1.5
- rsync 2.3.2-1.6
- vrweb 1.5-5.1
Aquellos que esté usando una versión no liberada (testing) de Debian deberían actualizarse a zlib 1.1.3-19.1 o a una versión posterior. Fíjese en que esta versión de Debian aún no ha sido liberada y puede no estar disponible inmediatamente para todas las arquitecturas. Debian 2.2 (potato) es la última versión soportada.
Le recomendamos que actualice sus paquetes inmediatamente. Fíjese en que debería reiniciar todos los programas que usar la biblioteca zlib compartida para que la reparación sea efectiva. Esto se hace más fácilmente reiniciando el sistema.
- Arreglado en:
-
Debian GNU/Linux 2.2 (potato)
- Fuentes:
- http://security.debian.org/dists/stable/updates/main/source/amaya_2.4-1potato1.diff.gz
MD5 checksum: 8b7e02c4e32b5af668eb546d71170620- http://security.debian.org/dists/stable/updates/main/source/amaya_2.4-1potato1.dsc
MD5 checksum: 26451580b96e586120f8edb57ae07855- http://security.debian.org/dists/stable/updates/main/source/dictd_1.4.9-9potato1.diff.gz
MD5 checksum: c6e6bdcc444124e7a12ef924cfd4e94f- http://security.debian.org/dists/stable/updates/main/source/dictd_1.4.9-9potato1.dsc
MD5 checksum: d39c2bd83ed1178e441c55be2d4ca980- http://security.debian.org/dists/stable/updates/main/source/erlang_49.1-10.1.diff.gz
MD5 checksum: 4c9594e4e9ecd32f932ef1c441e1926a- http://security.debian.org/dists/stable/updates/main/source/erlang_49.1-10.1.dsc
MD5 checksum: 48b631745b1ddfe02be7dc06e9695fa2- http://security.debian.org/dists/stable/updates/main/source/freeamp_2.0.6-2.1.diff.gz
MD5 checksum: 5c356b5999d62763343c930c6c1d5aa2- http://security.debian.org/dists/stable/updates/main/source/freeamp_2.0.6-2.1.dsc
MD5 checksum: 5bd1fbceb6a810da65aec534cf3a3234- http://security.debian.org/dists/stable/updates/main/source/mirrordir_0.10.48-2.1.diff.gz
MD5 checksum: 839961cc3ed655757c1c802fd03efd56- http://security.debian.org/dists/stable/updates/main/source/mirrordir_0.10.48-2.1.dsc
MD5 checksum: cb1c985cd95a9f59a517e14e24d2a7e8- http://security.debian.org/dists/stable/updates/main/source/ppp_2.3.11-1.5.diff.gz
MD5 checksum: 3a1cf6315b17f2f83d5aea971d8e468d- http://security.debian.org/dists/stable/updates/main/source/ppp_2.3.11-1.5.dsc
MD5 checksum: 75a5827497f1d4c23aaad79358723079- http://security.debian.org/dists/stable/updates/main/source/rsync_2.3.2-1.6.diff.gz
MD5 checksum: f6db414ebdbad942698243dd9b5068d7- http://security.debian.org/dists/stable/updates/main/source/rsync_2.3.2-1.6.dsc
MD5 checksum: 32bf6c8c200f3efbf7ee5b3016ce512a- http://security.debian.org/dists/stable/updates/main/source/vrweb_1.5-5.1.diff.gz
MD5 checksum: 85be86d09c96de9f1b6672ec172700cd- http://security.debian.org/dists/stable/updates/main/source/vrweb_1.5-5.1.dsc
MD5 checksum: e87bcdec444fb501a38a6cd917bf1428- http://security.debian.org/dists/stable/updates/main/source/zlib_1.1.3-5.1.diff.gz
MD5 checksum: 6ab5b82c42f9455d8126afe111a0020d- http://security.debian.org/dists/stable/updates/main/source/zlib_1.1.3-5.1.dsc
MD5 checksum: 68a4a7329b43a42d695ef1d57c483113 - http://security.debian.org/dists/stable/updates/main/source/amaya_2.4-1potato1.dsc
- Componentes independientes de la arquitectura:
- http://security.debian.org/dists/stable/updates/main/binary-all/erlang-base_49.1-10.1_all.deb
MD5 checksum: 8c9400db85a52e19b979bba867ad1ecd- http://security.debian.org/dists/stable/updates/main/binary-all/erlang-erl_49.1-10.1_all.deb
MD5 checksum: 65e8b03fb8e56695d1367a5dc6747a45- http://security.debian.org/dists/stable/updates/main/binary-all/erlang-java_49.1-10.1_all.deb
MD5 checksum: 74c2d0ac9fb9c0d27c59610317256d1e- http://security.debian.org/dists/stable/updates/main/binary-all/freeamp-doc_2.0.6-2.1_all.deb
MD5 checksum: 8e434427d2962da24852bdbf8504d916 - http://security.debian.org/dists/stable/updates/main/binary-all/erlang-erl_49.1-10.1_all.deb
- Alpha: Fixed erlang and freeamp packages are not yet available.
- http://security.debian.org/dists/stable/updates/main/binary-alpha/amaya_2.4-1potato1_alpha.deb
MD5 checksum: 103e503b9cdea75b1b1180184f09ee06- http://security.debian.org/dists/stable/updates/main/binary-alpha/dict_1.4.9-9potato1_alpha.deb
MD5 checksum: 587a8fad2ea2ea65ac9136034121d763- http://security.debian.org/dists/stable/updates/main/binary-alpha/dictd_1.4.9-9potato1_alpha.deb
MD5 checksum: 392faaa8797b42039f710a197a449eeb- http://security.debian.org/dists/stable/updates/main/binary-alpha/mirrordir_0.10.48-2.1_alpha.deb
MD5 checksum: 864abf2f06ca92b59519eb68ac7792fe- http://security.debian.org/dists/stable/updates/main/binary-alpha/ppp_2.3.11-1.5_alpha.deb
MD5 checksum: 25437980d4ab9d19a7867362eeb5223e- http://security.debian.org/dists/stable/updates/main/binary-alpha/rsync_2.3.2-1.6_alpha.deb
MD5 checksum: 89b44c524f87976d50527e740a6568e1- http://security.debian.org/dists/stable/updates/main/binary-alpha/vrweb_1.5-5.1_alpha.deb
MD5 checksum: 0f1787afbf74aac8dbd1838116682477- http://security.debian.org/dists/stable/updates/main/binary-alpha/zlib-bin_1.1.3-5.1_alpha.deb
MD5 checksum: 5c4bec088a589a7fc2d95ed2631b6c3b- http://security.debian.org/dists/stable/updates/main/binary-alpha/zlib1g-dev_1.1.3-5.1_alpha.deb
MD5 checksum: 21cbcdb89af9bfad1d67e32250092252- http://security.debian.org/dists/stable/updates/main/binary-alpha/zlib1g_1.1.3-5.1_alpha.deb
MD5 checksum: eda30505a1272966bb38efe8a866355f - http://security.debian.org/dists/stable/updates/main/binary-alpha/dict_1.4.9-9potato1_alpha.deb
- ARM: Fixed erlang and freeamp packages are not yet available
- http://security.debian.org/dists/stable/updates/main/binary-arm/amaya_2.4-1potato1_arm.deb
MD5 checksum: 98366f4267c4d33a750ef54555f510e6- http://security.debian.org/dists/stable/updates/main/binary-arm/dict_1.4.9-9potato1_arm.deb
MD5 checksum: 18f41595d4f1fb35479d37b57c54e539- http://security.debian.org/dists/stable/updates/main/binary-arm/dictd_1.4.9-9potato1_arm.deb
MD5 checksum: edaa15b32639ba25fcfa093fdd8639da- http://security.debian.org/dists/stable/updates/main/binary-arm/mirrordir_0.10.48-2.1_arm.deb
MD5 checksum: 12a1fdb998a2b99909c5f64326c517c8- http://security.debian.org/dists/stable/updates/main/binary-arm/ppp_2.3.11-1.5_arm.deb
MD5 checksum: 2143bc17f7f3627cf2ac76a886ee83b9- http://security.debian.org/dists/stable/updates/main/binary-arm/rsync_2.3.2-1.6_arm.deb
MD5 checksum: df6bf519af26c155b059a1d72e237be5- http://security.debian.org/dists/stable/updates/main/binary-arm/vrweb_1.5-5.1_arm.deb
MD5 checksum: c368b4b16739004d1da8d99d616a53af- http://security.debian.org/dists/stable/updates/main/binary-arm/zlib-bin_1.1.3-5.1_arm.deb
MD5 checksum: f32088581e8ca649264f5ead2b8ff662- http://security.debian.org/dists/stable/updates/main/binary-arm/zlib1g-dev_1.1.3-5.1_arm.deb
MD5 checksum: b39746f9b8f5d0a1689de2ae3c87c067- http://security.debian.org/dists/stable/updates/main/binary-arm/zlib1g_1.1.3-5.1_arm.deb
MD5 checksum: e65571a96e96e55d83030e6f8ea62646 - http://security.debian.org/dists/stable/updates/main/binary-arm/dict_1.4.9-9potato1_arm.deb
- Intel ia32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/amaya_2.4-1potato1_i386.deb
MD5 checksum: 9edc31d21f777409a4e836eac02edaf7- http://security.debian.org/dists/stable/updates/main/binary-i386/dict_1.4.9-9potato1_i386.deb
MD5 checksum: 1ef7ecdd761ae384185ce519a3a6e723- http://security.debian.org/dists/stable/updates/main/binary-i386/dictd_1.4.9-9potato1_i386.deb
MD5 checksum: ff61f3719b33c0c839f3447f72066d78- http://security.debian.org/dists/stable/updates/main/binary-i386/erlang_49.1-10.1_i386.deb
MD5 checksum: d933a67f85b37f5b91b60bb7052ba443- http://security.debian.org/dists/stable/updates/main/binary-i386/freeamp_2.0.6-2.1_i386.deb
MD5 checksum: 0e60fd65d7c36c8fb2dc2dda5ae78ce7- http://security.debian.org/dists/stable/updates/main/binary-i386/libfreeamp-alsa_2.0.6-2.1_i386.deb
MD5 checksum: 05508140d8b28de7a9677b442b034ca2- http://security.debian.org/dists/stable/updates/main/binary-i386/libfreeamp-esound_2.0.6-2.1_i386.deb
MD5 checksum: 540e4bca658ab95e92b232cba362a0e8- http://security.debian.org/dists/stable/updates/main/binary-i386/mirrordir_0.10.48-2.1_i386.deb
MD5 checksum: fd0d7ceb5fa949455b87b3beec7809d8- http://security.debian.org/dists/stable/updates/main/binary-i386/ppp_2.3.11-1.5_i386.deb
MD5 checksum: aab4d275165c490a7a153c080d26c232- http://security.debian.org/dists/stable/updates/main/binary-i386/rsync_2.3.2-1.6_i386.deb
MD5 checksum: dbb3fd68442fc31cd474f73feb6e69cd- http://security.debian.org/dists/stable/updates/main/binary-i386/vrweb_1.5-5.1_i386.deb
MD5 checksum: 38b6552e9531c4082e0e26b7b309a1bc- http://security.debian.org/dists/stable/updates/main/binary-i386/zlib-bin_1.1.3-5.1_i386.deb
MD5 checksum: 3b7a51b2f7920fbbdc41d0385d633277- http://security.debian.org/dists/stable/updates/main/binary-i386/zlib1-altdev_1.1.3-5.1_i386.deb
MD5 checksum: ad125010b4fe3fd81450df3d9a4f4495- http://security.debian.org/dists/stable/updates/main/binary-i386/zlib1_1.1.3-5.1_i386.deb
MD5 checksum: a22ed0933265d6fc60e088e7b9fac767- http://security.debian.org/dists/stable/updates/main/binary-i386/zlib1g-dev_1.1.3-5.1_i386.deb
MD5 checksum: 4bd5ee2a61508ad5a65c1f2cfdc999d1- http://security.debian.org/dists/stable/updates/main/binary-i386/zlib1g_1.1.3-5.1_i386.deb
MD5 checksum: fe990607608285642f4f5a8834a43515 - http://security.debian.org/dists/stable/updates/main/binary-i386/dict_1.4.9-9potato1_i386.deb
- Motorola 680x0: Fixed amaya, erlang, and freeamp packages are not yet available
- http://security.debian.org/dists/stable/updates/main/binary-m68k/dict_1.4.9-9potato1_m68k.deb
MD5 checksum: 53f263726d3ac8cdf9871f2afa1404e1- http://security.debian.org/dists/stable/updates/main/binary-m68k/dictd_1.4.9-9potato1_m68k.deb
MD5 checksum: 5deebe594adb9c3fce05340aab13a93b- http://security.debian.org/dists/stable/updates/main/binary-m68k/mirrordir_0.10.48-2.1_m68k.deb
MD5 checksum: f5f484a482df62b25c6672b0e6a36840- http://security.debian.org/dists/stable/updates/main/binary-m68k/ppp_2.3.11-1.5_m68k.deb
MD5 checksum: 41f54ba14ecaeb73b3e67f47fc4b449c- http://security.debian.org/dists/stable/updates/main/binary-m68k/rsync_2.3.2-1.6_m68k.deb
MD5 checksum: 6ddd7d495dddb8adab5f1ce2cb89cf46- http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib-bin_1.1.3-5.1_m68k.deb
MD5 checksum: ed20e21e130998cdd9c3067c60a85284- http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib1-altdev_1.1.3-5.1_m68k.deb
MD5 checksum: 32f000160aaf7aeffe679340499a077d- http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib1_1.1.3-5.1_m68k.deb
MD5 checksum: 8d5a20517f70e9e320effdbb94960d30- http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib1g-dev_1.1.3-5.1_m68k.deb
MD5 checksum: 0138affc09403329102cb2ac8c1e3233- http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib1g_1.1.3-5.1_m68k.deb
MD5 checksum: f793784742e28455c638c5f222ad35ec - http://security.debian.org/dists/stable/updates/main/binary-m68k/dictd_1.4.9-9potato1_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/amaya_2.4-1potato1_powerpc.deb
MD5 checksum: 635468964d16fedf4adf2bc82ffb2487- http://security.debian.org/dists/stable/updates/main/binary-powerpc/dict_1.4.9-9potato1_powerpc.deb
MD5 checksum: 180c1116e2ab5cc253ccdd904c895a1c- http://security.debian.org/dists/stable/updates/main/binary-powerpc/dictd_1.4.9-9potato1_powerpc.deb
MD5 checksum: bb8952f706da3a6220edfa1a2517b427- http://security.debian.org/dists/stable/updates/main/binary-powerpc/erlang_49.1-10.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/freeamp_2.0.6-2.1_powerpc.deb
MD5 checksum: 1c9bfdbda16f812b5710489f69ed769b- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libfreeamp-alsa_2.0.6-2.1_powerpc.deb
MD5 checksum: 4a98275c96c880f922cc141660fe31a6- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libfreeamp-esound_2.0.6-2.1_powerpc.deb
MD5 checksum: 43ae8f7d469b2d68c04f10ed4fedd09c- http://security.debian.org/dists/stable/updates/main/binary-powerpc/ppp_2.3.11-1.5_powerpc.deb
MD5 checksum: a2f66003d6dbb68d4a45b82bfde535ba- http://security.debian.org/dists/stable/updates/main/binary-powerpc/rsync_2.3.2-1.6_powerpc.deb
MD5 checksum: 208ee03e22c774110e6c1ce8058cb6ff- http://security.debian.org/dists/stable/updates/main/binary-powerpc/vrweb_1.5-5.1_powerpc.deb
MD5 checksum: 9a99930387c2a4e113d72b1e98a0f22d- http://security.debian.org/dists/stable/updates/main/binary-powerpc/zlib-bin_1.1.3-5.1_powerpc.deb
MD5 checksum: 42b2797840af971b1539804f24961f9b- http://security.debian.org/dists/stable/updates/main/binary-powerpc/zlib1g-dev_1.1.3-5.1_powerpc.deb
MD5 checksum: 1418015984f8eae6900c14aea7e34e27- http://security.debian.org/dists/stable/updates/main/binary-powerpc/zlib1g_1.1.3-5.1_powerpc.deb
MD5 checksum: f3d4c6e5ac91121cc1788ad2918be87b - http://security.debian.org/dists/stable/updates/main/binary-powerpc/dict_1.4.9-9potato1_powerpc.deb
- Sun Sparc: Fixed erlang packages are not yet available
- http://security.debian.org/dists/stable/updates/main/binary-sparc/amaya_2.4-1potato1_sparc.deb
MD5 checksum: 66daff720b4842ba2ffa189cb3ec71e1- http://security.debian.org/dists/stable/updates/main/binary-sparc/dict_1.4.9-9potato1_sparc.deb
MD5 checksum: f21c262fc6ce524e4fa8890e9df664df- http://security.debian.org/dists/stable/updates/main/binary-sparc/dictd_1.4.9-9potato1_sparc.deb
MD5 checksum: 50e092399da866eb963a5d1d8334231e- http://security.debian.org/dists/stable/updates/main/binary-sparc/freeamp_2.0.6-2.1_sparc.deb
MD5 checksum: 5d98e0b0fddfca6f7dd3419845dc0716- http://security.debian.org/dists/stable/updates/main/binary-sparc/libfreeamp-alsa_2.0.6-2.1_sparc.deb
MD5 checksum: 9a9aae3e2675ceb57ea72f4fb97ee15f- http://security.debian.org/dists/stable/updates/main/binary-sparc/libfreeamp-esound_2.0.6-2.1_sparc.deb
MD5 checksum: c866d84dcb7bdbf15c5f6fc248763a7c- http://security.debian.org/dists/stable/updates/main/binary-sparc/mirrordir_0.10.48-2.1_sparc.deb
MD5 checksum: d8244127cddcef161e8897d97e01c412- http://security.debian.org/dists/stable/updates/main/binary-sparc/ppp_2.3.11-1.5_sparc.deb
MD5 checksum: 9e6908bc41505b6b9c52181106656295- http://security.debian.org/dists/stable/updates/main/binary-sparc/rsync_2.3.2-1.6_sparc.deb
MD5 checksum: 042eb6d05e0cc945b58f5016dbebb0b9- http://security.debian.org/dists/stable/updates/main/binary-sparc/vrweb_1.5-5.1_sparc.deb
MD5 checksum: 5f05c34d1a08204fe7112f2968cf092e- http://security.debian.org/dists/stable/updates/main/binary-sparc/zlib-bin_1.1.3-5.1_sparc.deb
MD5 checksum: adb48a5e589c83b0f0bcb362b6ae9121- http://security.debian.org/dists/stable/updates/main/binary-sparc/zlib1g-dev_1.1.3-5.1_sparc.deb
MD5 checksum: 23fda7fd35dddb0d6e57a4042b86c727- http://security.debian.org/dists/stable/updates/main/binary-sparc/zlib1g_1.1.3-5.1_sparc.deb
MD5 checksum: 6e1acae215a1e1073184936958f07d31 - http://security.debian.org/dists/stable/updates/main/binary-sparc/dict_1.4.9-9potato1_sparc.deb
Las sumas MD5 de los ficheros que se listan están disponibles en el aviso original.