Debian Security Advisory
DSA-763-1 zlib -- remote DoS attack
- Date reported:
- 20 Jul 2005
- Affected packages:
- zlib
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2005-1849.
- More information:
-
Markus Oberhumer discovered a flaw in the way zlib, a library used for compressing and decompressing files, handles invalid input. The flaw could cause programs that use zlib to crash when an invalid file was opened.
This problem does not affect the old stable distribution (woody).
For the current stable distribution (sarge), this problem has been fixed in version 1.2.2-4.sarge.2.
For the unstable distribution (sid), this problem has been fixed in version 1.2.3-1.
We recommend that you upgrade your zlib package.
- Fixed in:
-
Debian GNU/Linux 3.1 (stable)
- Source:
- http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.dsc
- http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_alpha.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_alpha.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_alpha.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_arm.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_arm.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_arm.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_hppa.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_hppa.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_hppa.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_i386.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_i386.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_i386.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_ia64.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_ia64.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_ia64.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_ia64.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_m68k.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_m68k.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_m68k.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_m68k.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_mips.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_mips.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_mips.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_mipsel.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_mipsel.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_mipsel.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_mipsel.udeb
- PowerPC:
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_powerpc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_powerpc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_powerpc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_powerpc.udeb
- IBM S/390:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_s390.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_s390.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_s390.deb
- http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.2_s390.deb
- http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.2_s390.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_sparc.deb
- http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.2_sparc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_sparc.udeb
- http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_sparc.deb
- http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.2_sparc.deb
- http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_sparc.deb
MD5 checksums of the listed files are available in the original advisory.