From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:008 - zlib libz update
Date: Wed, 13 Mar 2002 19:40:14 +0000 (GMT)

=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: libz
Summary: Double free() bug
Date:    2002-03-13
ID:      ERISA-2002:008
=========================================================================
Problem description:

zlib 1.1.3 contains a condition where a buffer could be freed twice,
thus corrupting malloc()'s data structures. This bug could be used to
crash any program that takes untrusted input, making it easy to perform
a multitude of denial-of-service attacks. With the corruption of the
malloc() data structures, an attacker could craft an attack which could
cause malicious code to be run on local or remote systems.

cve.mitre.org has assigned the name CAN-2002-0059 to this issue.

Many packages use this library, either dynamically or statically; a few
contain a local copy of it. These are addressed in ERISA-2002:009.
-------------------------------------------------------------------------
Updated packages:

6737b67e1493f3b53af2b5042a7d3bf4  zlib-1.1.3-26.src.rpm
05fd9df4fb60d697dc081c035a2e5ac5  zlib-1.1.3-26.i386.rpm
c8c4abf8f07d4832e9e917d485e75870  zlib-devel-1.1.3-26.i386.rpm
-------------------------------------------------------------------------
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0059
=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

--
Michael "Soruk" McConnell                        http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.