Debian Security Advisory
DSA-740-1 zlib -- remote denial of service
- Date reported:
- 2005-07-06
- Affected packages:
- zlib
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2005-2096.
- More information:
-
An error in the way zlib handles the decompression of certain compressed files can cause programs that use zlib to crash when an invalid file is opened.
This problem does not affect the old stable distribution (Woody).
For the stable distribution (Sarge), this problem has been fixed in version 1.2.2-4.sarge.1.
For the unstable distribution, this problem has been fixed in version 1.2.2-7.
We recommend that you upgrade your zlib package.
- Fixed in:
-
Debian GNU/Linux 3.1 (sarge)
- Source:
- http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.1.dsc
- http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.1.diff.gz
- http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_alpha.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_alpha.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_arm.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_arm.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_i386.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_i386.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_ia64.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_ia64.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_hppa.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_hppa.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_m68k.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_m68k.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_mips.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_mips.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_mipsel.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_mipsel.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_powerpc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_powerpc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.1_s390.deb
- http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.1_s390.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_s390.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_s390.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.1_sparc.deb
- http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.1_sparc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_sparc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_sparc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_sparc.deb
MD5 checksums for these files are available in the original advisory.