From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:009 - zlib other packages update
Date: Wed, 13 Mar 2002 19:43:01 +0000 (GMT)
=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: vnc dump cvs rsync kernel
Summary: Double free() bug
Date: 2002-03-13
ID: ERISA-2002:009
=========================================================================
Problem description:
This is an extension to ERISA-2002:008, which addresses zlib itself.
This release instead addresses packages which either contain a local,
perhaps modified, copy of zlib, or which statically link to the system
library. Packages which dynamically link to the system library will
not be vulnerable after updating zlib itself.
vnc:    Patched to use system zlib.
dump:   Links statically to system zlib; rebuilt against the new one.
cvs:    Patched to use system zlib.
rsync:  Uses an internal modified zlib; patched to fix.
kernel: Updates are being worked on and will be released shortly.
Users should be aware that Netscape also uses zlib; because it is
closed source, no fix is available yet, but one should be soon.
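One way to tell the cases above apart on an installed system, as an added example that is not part of the original advisory: zlib compiles its copyright strings into any binary that carries its code, so scanning for them finds static or bundled copies. The function names and the sample byte strings are constructed for illustration, and the soname match is a heuristic.

```python
import re

# zlib compiles these copyright strings into every binary that contains its
# deflate/inflate code, so they survive static linking and bundled copies.
ZLIB_MARK = re.compile(rb" (deflate|inflate) (\d+(?:\.\d+)+) Copyright")
# A dynamically linked ELF names the shared library in its dynamic section.
LIBZ_SONAME = re.compile(rb"libz\.so(?:\.\d+)*\x00")


def classify(data: bytes) -> dict:
    """Classify one binary image by how it gets its zlib code."""
    versions = sorted({m.group(2).decode() for m in ZLIB_MARK.finditer(data)})
    if versions:
        # Embedded code: updating the system zlib package does not fix it.
        return {"zlib": "embedded", "versions": versions, "action": "rebuild or patch"}
    if LIBZ_SONAME.search(data):
        return {"zlib": "dynamic", "versions": [], "action": "update system zlib"}
    return {"zlib": "none", "versions": [], "action": "none"}


def scan(paths):
    """Read each file and return {path: classification}; unreadable files are skipped."""
    report = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                report[path] = classify(fh.read())
        except OSError:
            continue
    return report


# Constructed sample images (not real binaries) standing in for the three cases.
SAMPLE_STATIC = b"\x7fELF\x00junk\x00 inflate 1.1.3 Copyright 1995-1998 Mark Adler \x00"
SAMPLE_DYNAMIC = b"\x7fELF\x00libc.so.6\x00libz.so.1\x00inflateInit_\x00"
SAMPLE_NONE = b"\x7fELF\x00libc.so.6\x00printf\x00"

if __name__ == "__main__":
    import sys
    for path, result in scan(sys.argv[1:]).items():
        print(path, result["zlib"], ",".join(result["versions"]), result["action"])
```

A bundled copy whose copyright strings were edited out is not detected, and the shared libz library itself reports as embedded because it contains the code.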
-------------------------------------------------------------------------
Updated packages:
865eda0500cfb0bbfbd278ee7d0d05a1 cvs-1.11.1p1-6.src.rpm
d55a74ef57b344c71fe65d40d11fae25 dump-0.4b19-6.src.rpm
c47eaf1ebf6886458efffa4a98ae9a9e rsync-2.4.6-4.src.rpm
8e1658a05da85fd85f8b5748c57b625e vnc-3.3.3r2-6.src.rpm
915d9df5fbdf71ee380612d5d8e29fbc cvs-1.11.1p1-6.i386.rpm
52f4a1df8ffab5f1ae165812ab4f0e5d dump-0.4b19-6.i386.rpm
e48a11d39beb46180d3c2c219362015d dump-static-0.4b19-6.i386.rpm
495f563e7648b6cfc8d9502a3a5cea3b rmt-0.4b19-6.i386.rpm
d3dfb009ee3f919bdfbf3bc5d3a30951 rsync-2.4.6-4.i386.rpm
b9f4859c0942d35429c418e8c6d339d6 vnc-3.3.3r2-6.i386.rpm
220618004d3b142b3bb6716debea9da6 vnc-doc-3.3.3r2-6.i386.rpm
1c2143c6ed773c54ec612faf92117429 vnc-server-3.3.3r2-6.i386.rpm
-------------------------------------------------------------------------
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0059
=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/
Packages are signed with our GNU GPG key, also on our FTP site.
Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.
Copyright (C)2002 Eridani Star System
-- Michael "Soruk" McConnell http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...