Debian Security Advisory
DSA-763-1 zlib -- remote DoS
- Date Reported:
- 20 Jul 2005
- Affected Packages:
- zlib
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2005-1849.
- More information:
-
Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file.
This problem does not affect the old stable distribution (woody).
For the current stable distribution (sarge), this problem has been fixed in version 1.2.2-4.sarge.2.
For the unstable distribution (sid), this problem has been fixed in version 1.2.3-1.
We recommend that you upgrade your zlib package.
- Fixed in:
-
Debian GNU/Linux 3.1 (stable)
- Source:
- http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.dsc
- http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz
- http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.dsc
- Alpha:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_alpha.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_alpha.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_alpha.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_alpha.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_alpha.udeb
- ARM:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_arm.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_arm.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_arm.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_arm.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_hppa.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_hppa.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_hppa.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_hppa.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_hppa.udeb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_i386.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_i386.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_i386.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_i386.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_ia64.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_ia64.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_ia64.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_ia64.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_ia64.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_m68k.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_m68k.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_m68k.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_m68k.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_m68k.udeb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_mips.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_mips.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_mips.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_mips.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_mipsel.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_mipsel.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_mipsel.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_mipsel.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_powerpc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_powerpc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_powerpc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_powerpc.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_s390.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_s390.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_s390.deb
- http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.2_s390.deb
- http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.2_s390.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_s390.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_sparc.deb
- http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.2_sparc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_sparc.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_sparc.deb
- http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.2_sparc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_sparc.deb
- http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.2_sparc.deb
MD5 checksums of the listed files are available in the original advisory.