From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:008 - zlib libz update
Date: Wed, 13 Mar 2002 19:40:14 +0000 (GMT)
=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: libz
Summary: Double free() bug
Date: 2002-03-13
ID: ERISA-2002:008
=========================================================================
Problem description:
zlib 1.1.3 contains a condition where a buffer could be freed twice,
thus corrupting malloc()'s data structures. This bug could be used to
crash any program that takes untrusted input, making it easy to perform
a multitude of denial-of-service attacks.
With the corruption of the malloc() data structures, an attacker could
craft an attack which could cause malicious code to be run on local or
remote systems.
cve.mitre.org has assigned the name CAN-2002-0059 to this issue.
Many packages use this library, either dynamically or statically; a few
contain a local copy of it. These are addressed in ERISA-2002:009.
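To find the statically linked and bundled copies mentioned above, binaries can be searched for the version banner that zlib's deflate and inflate sources embed. This script is an added example, not part of the original advisory or of Eridani's tooling; its function names and the sample bytes are constructed for illustration. A hit marks a copy to review rather than proof that it is unpatched, because a build carrying a backported fix keeps the upstream version number.

```python
from __future__ import annotations
import re
import sys
from pathlib import Path

# zlib's sources embed a banner in any binary that carries a copy, e.g.
#   " inflate 1.1.3 Copyright 1995-1998 Mark Adler "
BANNER = re.compile(rb"(?:deflate|inflate) (\d+(?:\.\d+)+) Copyright")
FLAGGED = "1.1.3"  # the version named in this advisory

# Constructed sample: a fake binary image with an embedded zlib banner.
SAMPLE = b"\x7fELF\x01\x01" + b"\x00" * 16 + \
    b" inflate 1.1.3 Copyright 1995-1998 Mark Adler \x00"


def embedded_zlib_versions(data: bytes) -> set[str]:
    """Return the zlib versions whose banners appear in a binary image."""
    return {m.group(1).decode("ascii") for m in BANNER.finditer(data)}


def needs_review(versions: set[str]) -> bool:
    """True when a copy with the advisory's version number is present."""
    return FLAGGED in versions


def scan_tree(root: Path) -> dict[Path, set[str]]:
    """Map each regular file under root that embeds zlib to its versions."""
    hits: dict[Path, set[str]] = {}
    for path in root.rglob("*"):
        try:
            if path.is_symlink() or not path.is_file():
                continue
            found = embedded_zlib_versions(path.read_bytes())
        except OSError:
            continue  # unreadable or vanished file: skip it
        if found:
            hits[path] = found
    return hits


if __name__ == "__main__":
    if len(sys.argv) < 2:  # no directory given: run on the constructed sample
        print("sample:", sorted(embedded_zlib_versions(SAMPLE)))
        sys.exit(0)
    for path, versions in sorted(scan_tree(Path(sys.argv[1])).items()):
        mark = "REVIEW" if needs_review(versions) else "ok"
        print(f"{mark:6} {path}  zlib {', '.join(sorted(versions))}")
```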
-------------------------------------------------------------------------
Updated packages:
6737b67e1493f3b53af2b5042a7d3bf4 zlib-1.1.3-26.src.rpm
05fd9df4fb60d697dc081c035a2e5ac5 zlib-1.1.3-26.i386.rpm
c8c4abf8f07d4832e9e917d485e75870 zlib-devel-1.1.3-26.i386.rpm
-------------------------------------------------------------------------
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0059
=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/
Packages are signed with our GNU GPG key, also on our FTP site.
Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.
Copyright (C)2002 Eridani Star System
-- Michael "Soruk" McConnell http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...