--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-162680 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680 2005-07-16 --------------------------------------------------------------------- Name : zlib Versions : fc1: zlib-1.2.0.7-2.2.legacy Versions : fc2: zlib-1.2.1.2-0.fc2.1.legacy Summary : The zlib compression and decompression library. Description : Zlib is a general-purpose, patent-free, lossless data compression library which is used by many different programs. --------------------------------------------------------------------- Update Information: Updated Zlib packages that fix a buffer overflow are now available. Zlib is a general-purpose lossless data compression library which is used by many different programs. Tavis Ormandy discovered a buffer overflow affecting Zlib version 1.2 and above. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file which would cause a web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2096 to this issue. All users should update to these erratum packages which contain a patch from Mark Adler which corrects this issue. --------------------------------------------------------------------- Changelogs fc1: * Wed Jul 13 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 1.2.0.7-2.2.legacy - Patch for buffer overflow (#162680) CAN-2005-2096 fc2: * Wed Jul 13 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 1.2.1.2-0.fc2.1.legacy - Patch buffer overflow (#162680), CAN-2005-2096 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) 8638918082aaee312e8311ddf56391cf88bd621a fedora/1/updates-testing/i386/zlib-1.2.0.7-2.2.legacy.i386.rpm aafba6e837b2c82ba79affe61b0ef71863505fba fedora/1/updates-testing/i386/zlib-devel-1.2.0.7-2.2.legacy.i386.rpm 9cca71f3eeb03dad93851d6c66e70773f8369070 fedora/1/updates-testing/SRPMS/zlib-1.2.0.7-2.2.legacy.src.rpm 7ec6202d58ed3a41f3575757b111ab88622081d7 fedora/2/updates-testing/i386/zlib-1.2.1.2-0.fc2.1.legacy.i386.rpm 450f8ce4f02f36dbee569c0a9fdbe772829dce15 fedora/2/updates-testing/i386/zlib-devel-1.2.1.2-0.fc2.1.legacy.i386.rpm 64599917d793d263bbc522d8b0da1495577ca55e fedora/2/updates-testing/SRPMS/zlib-1.2.1.2-0.fc2.1.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
