USN-148-1: zlib vulnerability
Posted on: 07/06/2005 10:46 AM

A zlib security update is available for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-148-1 July 06, 2005
zlib vulnerability
CAN-2005-2096
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

zlib1g

The problem can be corrected by upgrading the affected package to version 1:1.2.1.1-3ubuntu1.1 (for Ubuntu 4.10), or 1:1.2.2-4ubuntu1.1 (for Ubuntu 5.04). A standard system upgrade is NOT SUFFICIENT to effect the necessary changes! If you can afford to reboot your machine, this is the easiest way to ensure that all services using this library are restarted correctly. If not, please manually restart all server applications.

Details follow:

Tavis Ormandy discovered that zlib did not properly verify data streams. Decompressing certain invalid compressed files caused corruption of internal data structures, which caused applications which link to zlib to crash. Specially crafted input might even have allowed arbitrary code execution.

zlib is used by hundreds of server and client applications, so this vulnerability could be exploited to cause Denial of Service attacks to almost all services provided by an Ubuntu system.


Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1-3ubuntu1.1.diff.gz
Size/MD5: 15294 f90b9336bb009307dee87f0677cb07c4
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1-3ubuntu1.1.dsc
Size/MD5: 615 887dceeeda873436c0ce2b4660e63377
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.1.1.orig.tar.gz
Size/MD5: 345935 a98b37434fb4508cb90d5606bfe8c716

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.1_amd64.deb
Size/MD5: 27118 77ac7d268147f196ff8a4feaa6866dd8
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.1_amd64.deb
Size/MD5: 423318 5e5f70c5c94c033da2f64ea4a82d08c8
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.1_amd64.udeb
Size/MD5: 42886 1e36349fb14a54dc56202d4b6640716c
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.1_amd64.deb
Size/MD5: 66528 f412e92660ecc41753414ea5d102dbbd

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.1_i386.deb
Size/MD5: 24534 ec183c8a2dd78e89223221645eecdd9f
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.1_i386.deb
Size/MD5: 403758 3672c8a4f230da49e3e16864470f7ab8
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.1_i386.udeb
Size/MD5: 37376 7257b1ea59d4b44eec00697b029e57cc
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.1_i386.deb
Size/MD5: 61050 feee9d9af349d90187c03e1be78632ec

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.1.1-3ubuntu1.1_powerpc.deb
Size/MD5: 29202 d58be04c1b03d8f93e1b17a9edc549bb
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.1.1-3ubuntu1.1_powerpc.deb
Size/MD5: 442080 47e9e0793350614629efe7773e26a785
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.1.1-3ubuntu1.1_powerpc.udeb
Size/MD5: 44776 b6157cc917d46b09f7cab5572c4470eb
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.1.1-3ubuntu1.1_powerpc.deb
Size/MD5: 68632 2af71690bbc01ce9f529ac757498bb3e

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2-4ubuntu1.1.diff.gz
Size/MD5: 14745 c5ced6c988fcb1e8180f16cc1f9e8d65
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2-4ubuntu1.1.dsc
Size/MD5: 691 853cdc541aff78f04b7bbf13ade880c8
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib_1.2.2.orig.tar.gz
Size/MD5: 430700 d43dabe3d374e299f2631c5fc5ce31f5

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.1_amd64.deb
Size/MD5: 28218 86c4889da912f447bad2ab386f131690
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.1_amd64.deb
Size/MD5: 503058 b2f83435552a145880af3fa4b54ed9f3
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.1_amd64.udeb
Size/MD5: 42918 e858fbf107b7ca9c9c4763bcb33358fc
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.1_amd64.deb
Size/MD5: 67790 179d1749c638e9764fbbdc8ecaa8ed9b

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.1_i386.deb
Size/MD5: 25488 2798762828ab44c404de6dd193ff84b3
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.1_i386.deb
Size/MD5: 483792 5d9d1e58b33084101f8679e0319b5af0
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.1_i386.udeb
Size/MD5: 37400 8fe0adc941ee1fbc4d8b00c5cde1d89a
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.1_i386.deb
Size/MD5: 62330 910f69ead9ae59caa3e04985bf08a9a1

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/z/zlib/zlib-bin_1.2.2-4ubuntu1.1_powerpc.deb
Size/MD5: 30272 6a474a56695c5ec180acc63b0915d17e
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.2-4ubuntu1.1_powerpc.deb
Size/MD5: 522986 ba9c4d53d8b223141460d33f781019c8
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-udeb_1.2.2-4ubuntu1.1_powerpc.udeb
Size/MD5: 44792 7f4796a14f6a3a06a6a1c89555437b11
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.2-4ubuntu1.1_powerpc.deb
Size/MD5: 69918 09101f2dda0bddef945b8681de9bf8d5


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_148_1_zlib_vulnerability.html)