[UPDATED] Fedora Legacy Test Update Notification: zlib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



These packages were updated to fix CAN-2005-1849 also.

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-162680
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
2005-08-09
---------------------------------------------------------------------

Name        : zlib
Versions    : fc1: zlib-1.2.0.7-2.3.legacy
Versions    : fc2: zlib-1.2.1.2-0.fc2.2.legacy
Summary     : The zlib compression and decompression library.
Description :
Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.

---------------------------------------------------------------------
Update Information:

Updated Zlib packages that fix a buffer overflow are now available.

Zlib is a general-purpose lossless data compression library which is
used by many different programs.

Tavis Ormandy discovered a buffer overflow affecting Zlib version 1.2
and above. An attacker could create a carefully crafted compressed
stream that would cause an application to crash if the stream is opened
by a user. As an example, an attacker could create a malicious PNG image
file which would cause a web browser or mail viewer to crash if the
image is viewed. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-2096 to this issue.

Markus Oberhumer discovered additional ways a stream could trigger an
overflow. An attacker could create a carefully crafted compressed stream
that would cause an application to crash if the stream is opened by a
user. As an example, an attacker could create a malicious PNG image file
that would cause a Web browser or mail viewer to crash if the image is
viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CAN-2005-1849 to this issue.

All users should update to these erratum packages which contain a patch
from Mark Adler which corrects this issue.

---------------------------------------------------------------------
Changelogs

fc1:
* Tue Aug 09 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.2.0.7-2.3.legacy
- Added patch for CAN-2005-1849

* Wed Jul 13 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 1.2.0.7-2.2.legacy
- Patch for buffer overflow (#162680) CAN-2005-2096

fc2:
* Tue Aug 09 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.2.1.2-0.fc2.2.legacy
- Added patch for CAN-2005-1849

* Wed Jul 13 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx>
1.2.1.2-0.fc2.1.legacy
- Patch buffer overflow (#162680), CAN-2005-2096

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

f242225e07d39648b0d7d6558150285ddf7f62d8
fedora/1/updates-testing/i386/zlib-1.2.0.7-2.3.legacy.i386.rpm
618d744e5a8f9a895b40f952a8593985c93fd6d6
fedora/1/updates-testing/i386/zlib-devel-1.2.0.7-2.3.legacy.i386.rpm
c812abcd0c5bcfccc86573e81d68ebff5b615ded
fedora/1/updates-testing/SRPMS/zlib-1.2.0.7-2.3.legacy.src.rpm
d07c43de860f476302fcd1fc82d18db1835e1ba1
fedora/2/updates-testing/i386/zlib-1.2.1.2-0.fc2.2.legacy.i386.rpm
f3326c134c6346ca8f120d86d28908ad45907bf9
fedora/2/updates-testing/i386/zlib-devel-1.2.1.2-0.fc2.2.legacy.i386.rpm
2d288f7b2dd848a4c3f36d3ff7c200b9b629c868
fedora/2/updates-testing/SRPMS/zlib-1.2.1.2-0.fc2.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

Attachment: signature.asc
Description: OpenPGP digital signature

--

fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux