Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: zlib (200303-25)
Date: Fri, 28 Mar 2003 11:09:45
Message-Id: 20030328104949.8DF7F5764@mail2.tamperd.net
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-25
- - ---------------------------------------------------------------------

PACKAGE : zlib
SUMMARY : buffer overrun
DATE : 2003-03-28 10:50 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <1.1.4-r1
FIXED VERSION : >=1.1.4-r1
CVE : CAN-2003-0107

- - ---------------------------------------------------------------------

- From advisory:
"zlib contains a function called gzprintf(). This is similar in
behaviour to fprintf() except that by default, this function will
smash the stack if called with arguments that expand to more than
Z_PRINTF_BUFSIZE (=4096 by default) bytes."

Read the full advisory at
http://www.securityfocus.com/archive/1/312869/2003-02-18/2003-02-24/0
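The quoted advisory describes the classic failure mode of formatting into a fixed-size stack buffer with an unbounded printf variant: once the expanded arguments exceed the buffer (4096 bytes by default for Z_PRINTF_BUFSIZE), the write runs off the end of the buffer. The following C snippet is an added illustration for this announcement, not zlib's gzprintf() and not part of the original advisory; it shows the bounded pattern a hardened implementation uses, formatting with vsnprintf() into a buffer of the same default size and reporting, rather than truncating silently or overflowing, when the expansion would not fit. The function names bounded_format() and format_fits() and the constant SAFE_PRINTF_BUFSIZE are assumptions made for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same default size as the Z_PRINTF_BUFSIZE named in the advisory.
 * (Constant name is an assumption for this example, not zlib's.) */
#define SAFE_PRINTF_BUFSIZE 4096

/* Format into a caller-supplied buffer with a bounded vsnprintf().
 * Returns the number of bytes written (excluding the NUL), or -1 when the
 * expanded text would not fit, so an oversized argument becomes an error
 * instead of a write past the end of the buffer.
 * Hypothetical helper written for this example; not zlib code. */
int bounded_format(char *buf, size_t bufsize, const char *format, ...)
{
    va_list va;
    int needed;

    if (buf == NULL || bufsize == 0)
        return -1;

    va_start(va, format);
    needed = vsnprintf(buf, bufsize, format, va);
    va_end(va);

    if (needed < 0) {               /* encoding error reported by vsnprintf */
        buf[0] = '\0';
        return -1;
    }
    if ((size_t)needed >= bufsize) { /* expansion too large: reject it */
        buf[0] = '\0';
        return -1;
    }
    return needed;
}

/* Exercise the limit: build a constructed argument of arg_len bytes and
 * format it through "%s" into a 4096-byte buffer. Returns the byte count
 * when it fits, -1 when it would have exceeded the buffer. */
int format_fits(size_t arg_len)
{
    char buf[SAFE_PRINTF_BUFSIZE];
    char *arg = malloc(arg_len + 1);
    int rc;

    if (arg == NULL)
        return -1;
    memset(arg, 'A', arg_len);      /* constructed sample input */
    arg[arg_len] = '\0';

    rc = bounded_format(buf, sizeof buf, "%s", arg);
    free(arg);
    return rc;
}

int main(void)
{
    /* 4095 bytes plus the NUL fit exactly; 4096 bytes do not. */
    printf("4095 bytes -> %d\n", format_fits(4095));
    printf("4096 bytes -> %d\n", format_fits(4096));
    return 0;
}
```

The point of the check on the vsnprintf() return value is that it reports the length the full expansion would have had, so a caller can distinguish "fit" from "would have overflowed" without ever writing beyond bufsize. A wrapper built on vsprintf() has no such information and, as the advisory describes, simply keeps writing.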

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-libs/zlib upgrade to zlib-1.1.4-r1 as follows:

emerge sync
emerge zlib
emerge clean

- - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+hCkVfT7nyhUpoZMRAv/oAKCvQvr9WZOBm6O4Z+rWXArdWB2JZACfU9gT
jJ0a21t+xwPVPf8Lb2ObEsA=
=1ZIH
-----END PGP SIGNATURE-----