From:	 Eridani Star System <linux@eridani.co.uk>
To:	 eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:008 - zlib libz update
Date:	 Wed, 13 Mar 2002 19:40:14 +0000 (GMT)

=========================================================================
		ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================

Package:	libz
Summary:	Double free() bug
Date:		2002-03-13
ID:		ERISA-2002:008

=========================================================================

Problem description:

  zlib 1.1.3 contains a condition where a buffer could be freed twice,
  thus corrupting malloc()'s data structures.  This bug could be used to
  crash any program that takes untrusted input, making it easy to perform
  a multitude of denial-of-service attacks.

  With the corruption of the malloc() data structures, an attacker could
  craft an attack which could cause malicious code to be run on local or
  remote systems.

  cve.mitre.org has assigned the name CAN-2002-0059 to this issue.

  Many packages use this library, either dynamically or statically, and a
  few contain a local copy of it. These are addressed in ERISA-2002:009.
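
  One way to locate statically linked or bundled copies on an installed
  system, as an added example that is not part of the original advisory:
  the script searches files for the copyright banner that zlib 1.1.3
  compiles into its deflate and inflate code. The function names and the
  scan directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): flag files that embed zlib 1.1.3.
# Heuristic: zlib compiles a copyright banner into deflate.c and inftrees.c,
# and that banner is carried into binaries that link the library statically.

# report_zlib_banners FILE
# Prints "FILE<TAB>components" when FILE contains a 1.1.3 banner.
report_zlib_banners() {
    parts=""
    for part in deflate inflate; do
        # -a treats binaries as text; LC_ALL=C keeps grep byte-oriented.
        if LC_ALL=C grep -aqE "$part 1\.1\.3 Copyright 1995-1998" "$1"; then
            parts="${parts:+$parts,}$part"
        fi
    done
    if [ -n "$parts" ]; then
        printf '%s\t%s\n' "$1" "$parts"
    fi
}

# find_embedded_zlib DIR
# Walks DIR and reports every regular file carrying a banner.
find_embedded_zlib() {
    find "$1" -type f | while IFS= read -r f; do
        report_zlib_banners "$f"
    done
}

# Command-line use: sh scan.sh /usr/bin
if [ "$#" -gt 0 ]; then
    find_embedded_zlib "$1"
fi
```

  The updated package is still versioned 1.1.3 (zlib-1.1.3-26), so a hit
  on the shared libz itself does not mean it is unpatched. Hits in other
  binaries mark embedded copies to check against ERISA-2002:009.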

-------------------------------------------------------------------------
Updated packages:

  6737b67e1493f3b53af2b5042a7d3bf4  zlib-1.1.3-26.src.rpm

  05fd9df4fb60d697dc081c035a2e5ac5  zlib-1.1.3-26.i386.rpm
  c8c4abf8f07d4832e9e917d485e75870  zlib-devel-1.1.3-26.i386.rpm

-------------------------------------------------------------------------
References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0059

=========================================================================

Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download   
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

-- Michael "Soruk" McConnell                       http://www.eridani.co.uk
Eridani Linux  --  The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...