From:	 Eridani Star System <linux@eridani.co.uk>
To:	 eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:009 - zlib other packages update
Date:	 Wed, 13 Mar 2002 19:43:01 +0000 (GMT)

=========================================================================
		ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================

Package:	vnc dump cvs rsync kernel
Summary:	Double free() bug
Date:		2002-03-13
ID:		ERISA-2002:009

=========================================================================

Problem description:

  This is an extension to ERISA-2002:008, which addresses zlib itself.

  This release instead addresses packages which either contain a local,
  perhaps modified, copy of zlib, or which link statically to the
  system library.  Packages which link dynamically to the system library
  will not be vulnerable after updating zlib itself.

  vnc:		Patched to use system zlib.
  dump:		Links statically to system zlib; rebuilt against the new
		one.
  cvs:		Patched to use system zlib.
  rsync:	Uses an internal modified zlib; patched to fix.
  kernel:	Updates are being worked on and will be released shortly.

  Users should be aware that Netscape also uses zlib.  Because it is
  closed source, no fix is available yet, but one should be soon.
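
  The split described above (own or statically linked copy versus a dynamic
  link to the system library) can be checked per binary. This Python sketch
  is an added example, not part of the original advisory or of Eridani's
  tooling; the function names and the sample byte strings are constructed.

```python
import re
import sys

# zlib compiles these copyright strings into deflate.c and inftrees.c, so they
# survive in any binary that carries its own or a statically linked copy.
ZLIB_MARK = re.compile(
    rb" (deflate|inflate) (\d+(?:\.\d+){1,3}) Copyright 1995-\d{4} ")
# Heuristic (assumption): a dynamically linked ELF file names the shared
# object as a NUL-terminated entry in its dynamic string table.
DYNAMIC_MARK = re.compile(rb"libz\.so(?:\.\d+)*\x00")


def embedded_zlib(data: bytes) -> dict:
    """Map each embedded zlib component ('deflate'/'inflate') to its versions."""
    found = {}
    for m in ZLIB_MARK.finditer(data):
        found.setdefault(m.group(1).decode(), set()).add(m.group(2).decode())
    return found


def classify(data: bytes) -> str:
    """Return 'embedded', 'dynamic' or 'none' for one binary image."""
    if embedded_zlib(data):
        return "embedded"  # needs its own rebuilt or patched package
    if DYNAMIC_MARK.search(data):
        return "dynamic"   # covered by updating the system zlib
    return "none"


def report(path: str) -> str:
    """One summary line per file: path, classification, embedded versions."""
    with open(path, "rb") as fh:
        data = fh.read()
    versions = sorted(set().union(*embedded_zlib(data).values()))
    return f"{path}: {classify(data)} {' '.join(versions)}".rstrip()


# Constructed sample images (not real binaries) in the two shapes of interest.
SAMPLE_STATIC = (b"\x7fELF\x00libc.so.6\x00"
                 b" deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly \x00"
                 b" inflate 1.1.3 Copyright 1995-1998 Mark Adler \x00")
SAMPLE_DYNAMIC = b"\x7fELF\x00libc.so.6\x00libz.so.1\x00deflateInit_\x00"

if __name__ == "__main__":
    for p in sys.argv[1:]:  # e.g. every file under /usr/bin and /usr/sbin
        print(report(p))
```

  A copy whose copyright string was stripped, or an image that is itself
  compressed, will be missed, so "none" is not proof of absence. Compare any
  reported version with the one shipped in the updated zlib package.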

-------------------------------------------------------------------------
Updated packages:

  865eda0500cfb0bbfbd278ee7d0d05a1  cvs-1.11.1p1-6.src.rpm
  d55a74ef57b344c71fe65d40d11fae25  dump-0.4b19-6.src.rpm
  c47eaf1ebf6886458efffa4a98ae9a9e  rsync-2.4.6-4.src.rpm
  8e1658a05da85fd85f8b5748c57b625e  vnc-3.3.3r2-6.src.rpm

  915d9df5fbdf71ee380612d5d8e29fbc  cvs-1.11.1p1-6.i386.rpm
  52f4a1df8ffab5f1ae165812ab4f0e5d  dump-0.4b19-6.i386.rpm
  e48a11d39beb46180d3c2c219362015d  dump-static-0.4b19-6.i386.rpm
  495f563e7648b6cfc8d9502a3a5cea3b  rmt-0.4b19-6.i386.rpm
  d3dfb009ee3f919bdfbf3bc5d3a30951  rsync-2.4.6-4.i386.rpm
  b9f4859c0942d35429c418e8c6d339d6  vnc-3.3.3r2-6.i386.rpm
  220618004d3b142b3bb6716debea9da6  vnc-doc-3.3.3r2-6.i386.rpm
  1c2143c6ed773c54ec612faf92117429  vnc-server-3.3.3r2-6.i386.rpm

-------------------------------------------------------------------------
References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0059

=========================================================================

Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download   
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

-- Michael "Soruk" McConnell                       http://www.eridani.co.uk
Eridani Linux  --  The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...




