These packages were updated to fix CAN-2005-1849 also.

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-162680
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
2005-08-09
---------------------------------------------------------------------

Name        : zlib
Versions    : fc1: zlib-1.2.0.7-2.3.legacy
Versions    : fc2: zlib-1.2.1.2-0.fc2.2.legacy
Summary     : The zlib compression and decompression library.
Description :
Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.

---------------------------------------------------------------------
Update Information:

Updated Zlib packages that fix a buffer overflow are now available.

Zlib is a general-purpose lossless data compression library which is
used by many different programs.

Tavis Ormandy discovered a buffer overflow affecting Zlib version 1.2
and above. An attacker could create a carefully crafted compressed
stream that would cause an application to crash if the stream is opened
by a user. As an example, an attacker could create a malicious PNG image
file which would cause a web browser or mail viewer to crash if the
image is viewed. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-2096 to this issue.

Markus Oberhumer discovered additional ways a stream could trigger an
overflow. An attacker could create a carefully crafted compressed stream
that would cause an application to crash if the stream is opened by a
user. As an example, an attacker could create a malicious PNG image file
that would cause a Web browser or mail viewer to crash if the image is
viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CAN-2005-1849 to this issue.

All users should update to these erratum packages which contain a patch
from Mark Adler which corrects this issue.
---------------------------------------------------------------------
Changelogs

fc1:
* Tue Aug 09 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.2.0.7-2.3.legacy
- Added patch for CAN-2005-1849

* Wed Jul 13 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 1.2.0.7-2.2.legacy
- Patch for buffer overflow (#162680) CAN-2005-2096

fc2:
* Tue Aug 09 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.2.1.2-0.fc2.2.legacy
- Added patch for CAN-2005-1849

* Wed Jul 13 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 1.2.1.2-0.fc2.1.legacy
- Patch buffer overflow (#162680), CAN-2005-2096

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/

(sha1sums)

f242225e07d39648b0d7d6558150285ddf7f62d8
fedora/1/updates-testing/i386/zlib-1.2.0.7-2.3.legacy.i386.rpm
618d744e5a8f9a895b40f952a8593985c93fd6d6
fedora/1/updates-testing/i386/zlib-devel-1.2.0.7-2.3.legacy.i386.rpm
c812abcd0c5bcfccc86573e81d68ebff5b615ded
fedora/1/updates-testing/SRPMS/zlib-1.2.0.7-2.3.legacy.src.rpm

d07c43de860f476302fcd1fc82d18db1835e1ba1
fedora/2/updates-testing/i386/zlib-1.2.1.2-0.fc2.2.legacy.i386.rpm
f3326c134c6346ca8f120d86d28908ad45907bf9
fedora/2/updates-testing/i386/zlib-devel-1.2.1.2-0.fc2.2.legacy.i386.rpm
2d288f7b2dd848a4c3f36d3ff7c200b9b629c868
fedora/2/updates-testing/SRPMS/zlib-1.2.1.2-0.fc2.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
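An added example, not part of the advisory: a check of an installed zlib VERSION-RELEASE string against the fixed builds listed above. The names `FIXED`, `rpmvercmp` and `needs_update` are hypothetical, and the comparison is a simplified form of rpm's segment ordering (no epoch, `~` or `^` handling).

```python
import re

# Fixed builds named in the advisory, keyed by Fedora Core release.
FIXED = {
    "fc1": ("1.2.0.7", "2.3.legacy"),
    "fc2": ("1.2.1.2", "0.fc2.2.legacy"),
}

# rpm splits a version into runs of digits or letters; separators are ignored.
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1, following rpm's segment-by-segment ordering."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 10 > 9
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def needs_update(release: str, installed: str) -> bool:
    """True if `installed` is older than the fixed build for `release`.

    `installed` is a VERSION-RELEASE string, as printed by
    rpm -q --qf '%{VERSION}-%{RELEASE}' zlib
    """
    version, _, rel = installed.partition("-")
    fixed_version, fixed_rel = FIXED[release]
    # Compare versions first; fall through to the release only on a tie.
    order = rpmvercmp(version, fixed_version) or rpmvercmp(rel, fixed_rel)
    return order < 0


if __name__ == "__main__":
    # The 2.2.legacy build carries only the CAN-2005-2096 patch.
    for rel, evr in [("fc1", "1.2.0.7-2.2.legacy"), ("fc2", "1.2.1.2-0.fc2.2.legacy")]:
        print(rel, evr, "needs update" if needs_update(rel, evr) else "ok")
```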