|
|
| Problem Description |
A previous zlib update (MDKSA-2005:112; CAN-2005-2096) fixed an overflow
flaw in the zlib program. While that update did indeed fix the reported
overflow issue, Markus Oberhumber discovered additional ways that a
specially-crafted compressed stream could trigger an overflow. An
attacker could create such a stream that would cause a linked
application to crash if opened by a user.
The updated packages are provided to protect against this flaw. The
Corporate Server 2.1 product is not affected by this vulnerability.
| Updated Packages |
Mandrakelinux 10.0
860987335903c382c12e42448367676f 10.0/RPMS/zlib1-1.2.1-2.3.100mdk.i586.rpm e047a26f46031a57f896a1d36ccc52c3 10.0/RPMS/zlib1-devel-1.2.1-2.3.100mdk.i586.rpm 72ea4005316839b3c31b90d524c52d42 10.0/SRPMS/zlib-1.2.1-2.3.100mdk.src.rpm
Mandrakelinux 10.0/AMD64
e6a94df40bc740d725731036e7f3db96 amd64/10.0/RPMS/zlib1-1.2.1-2.3.100mdk.amd64.rpm 890f9d6039a95f82365a7cb55e9017fb amd64/10.0/RPMS/zlib1-devel-1.2.1-2.3.100mdk.amd64.rpm 72ea4005316839b3c31b90d524c52d42 amd64/10.0/SRPMS/zlib-1.2.1-2.3.100mdk.src.rpm
Mandrakelinux 10.1
58c3324f33d5586d1bcdde0aca4e5a79 10.1/RPMS/zlib1-1.2.1.1-3.2.101mdk.i586.rpm c0ccb2820937a05d8cc608701150f012 10.1/RPMS/zlib1-devel-1.2.1.1-3.2.101mdk.i586.rpm 17ad74eeed07fab9c8829dd546be6890 10.1/SRPMS/zlib-1.2.1.1-3.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64
87e7046c0c876da2c94590ad6c98dafe x86_64/10.1/RPMS/zlib1-1.2.1.1-3.2.101mdk.x86_64.rpm f90e56e2ab04468abac0c08849a5260a x86_64/10.1/RPMS/zlib1-devel-1.2.1.1-3.2.101mdk.x86_64.rpm 17ad74eeed07fab9c8829dd546be6890 x86_64/10.1/SRPMS/zlib-1.2.1.1-3.2.101mdk.src.rpm
Corporate Server 3.0
2e66862f24760823bdaa26c20fbc7606 corporate/3.0/RPMS/zlib1-1.2.1-2.3.C30mdk.i586.rpm d9cab4b4ab9a04eeee1b38ac7c3e5e5a corporate/3.0/RPMS/zlib1-devel-1.2.1-2.3.C30mdk.i586.rpm ae75fabf010504e1b0f84f79e50c5753 corporate/3.0/SRPMS/zlib-1.2.1-2.3.C30mdk.src.rpm
Corporate Server 3.0/X86_64
92ef33342acbfa125fb45e84a591cf3f x86_64/corporate/3.0/RPMS/zlib1-1.2.1-2.3.C30mdk.x86_64.rpm b884c537207635c8d1ca5ac9bcfed24a x86_64/corporate/3.0/RPMS/zlib1-devel-1.2.1-2.3.C30mdk.x86_64.rpm ae75fabf010504e1b0f84f79e50c5753 x86_64/corporate/3.0/SRPMS/zlib-1.2.1-2.3.C30mdk.src.rpm
Multi Network Firewall 2.0
631b3c1e87bbde27e99673d30c1e91c1 mnf/2.0/RPMS/zlib1-1.2.1-2.3.M20mdk.i586.rpm c3077bbfdaeb2c6fc1e5aed4f6b0e65b mnf/2.0/SRPMS/zlib-1.2.1-2.3.M20mdk.src.rpm
Mandriva Linux LE2005
d30d7cfb002353a63f89ba382062a78e 10.2/RPMS/zlib1-1.2.2.2-2.2.102mdk.i586.rpm 5c4a526d818a326fafd6c9e9672b3447 10.2/RPMS/zlib1-devel-1.2.2.2-2.2.102mdk.i586.rpm 543c843e6691904415c4c8bc45affe7c 10.2/SRPMS/zlib-1.2.2.2-2.2.102mdk.src.rpm
Mandriva Linux LE2005/X86_64
c7c5d4fbeb2db2ffa27e6123958280a7 x86_64/10.2/RPMS/zlib1-1.2.2.2-2.2.102mdk.x86_64.rpm dbc5bbd0220041e3594939e963bfb5da x86_64/10.2/RPMS/zlib1-devel-1.2.2.2-2.2.102mdk.x86_64.rpm 543c843e6691904415c4c8bc45affe7c x86_64/10.2/SRPMS/zlib-1.2.2.2-2.2.102mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.