Re: [SECURITY] [DSA 740-1] New zlib packages fix denial of service
On Wed, Jul 06, 2005 at 04:45:01PM +0200, Michael Stone wrote:
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA 740-1 security@debian.org
> http://www.debian.org/security/ Michael Stone
> July 06, 2005 http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package : zlib
> Vulnerability : buffer overflow
> Problem type : remote DOS
> Debian-specific: no
> CVE Id(s) : CAN-2005-2096
>
> An error in the way zlib handles the inflation of certain compressed
> files can cause a program which uses zlib to crash when opening an
> invalid file.
>
> This problem does not affect the old stable distribution (woody).
>
> For the stable distribution (sarge), this problem has been fixed in
> version 1.2.2-4.sarge.1.
>
> For the unstable distribution, this problem has been fixed in version
> 1.2.2-7.
>
> We recommend that you upgrade your clamav package.
I would prefer to upgrade also my zlib package ;-)
--
Roberto Gordo Saez - Free Software Engineer
Linalco "Especialistas en Linux y Software Libre"
http://www.linalco.com/ Tel: +34-914561700
Reply to: