Debians sikkerhedsbulletin

DSA-763-1 zlib -- fjern-DoS-angreb

Rapporteret den:

20. jul 2005

Berørte pakker:

zlib

Sårbar:

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2005-1849.

Yderligere oplysninger:

Markus Oberhumer har opdaget en fejl i den måde zlib, et bibliotek der anvendes til komprimering og dekomprimering af filer, håndterer ukorrekte inddata. Fejlen kunne få programmer der anvender zlib til at gå ned når en ugyldig fil blev åbnet.

Dette problem påvirker ikke den gamle stabile distribution (woody).

I den nuværende stabile distribution (sarge), er dette problem rettet i version 1.2.2-4.sarge.2.

I den ustabile distribution (sid), er dette problem rettet i version 1.2.3-1.

Vi anbefaler at du opgraderer din zlib-pakke.

Rettet i:

Debian GNU/Linux 3.1 (stable)

Kildekode:: http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2.orig.tar.gz; http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.dsc; http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz
Alpha:: http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_alpha.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_alpha.udeb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_alpha.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_arm.udeb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_arm.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_arm.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_arm.deb
HP Precision:: http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_hppa.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_hppa.udeb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_hppa.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_i386.udeb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_i386.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_i386.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_ia64.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_ia64.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_ia64.udeb; http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_ia64.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_m68k.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_m68k.udeb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_m68k.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_m68k.deb
Big-endian MIPS:: http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_mips.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_mips.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_mips.udeb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_mips.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_mipsel.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_mipsel.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_mipsel.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_mipsel.udeb
PowerPC:: http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_powerpc.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_powerpc.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_powerpc.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_powerpc.udeb
IBM S/390:: http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_s390.udeb; http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_s390.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_s390.deb; http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.2_s390.deb; http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.2_s390.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_sparc.deb; http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.2_sparc.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_sparc.udeb; http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_sparc.deb; http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.2_sparc.deb; http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.