USN-151-3: zlib vulnerabilities
Posted on: 10/29/2005 01:42 AM

A new zlib vulnerabilities update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-151-3 October 28, 2005
aide vulnerabilities
CVE-2005-1849, CVE-2005-2096
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

aide

The problem can be corrected by upgrading the affected package to
version 0.10-3ubuntu0.1 (for Ubuntu 4.10), 0.10-4ubuntu0.1 (for Ubuntu
5.04), or 0.10-6.1ubuntu0.1 (for Ubuntu 5.10). In general, a standard
system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could
be exploited to cause Denial of Service attacks or even arbitrary code
execution with malicious data streams.

Since aide is statically linked against the zlib library, it is also
affected by these issues. The updated packagages have been rebuilt
against the fixed zlib.

Updated packages for Ubuntu 4.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1.diff.gz
Size/MD5: 28081 d569b7974a6204481346128876a0a530
http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1.dsc
Size/MD5: 703 cc5158a58a35e46dfc0bee0b0a34380b
http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10.orig.tar.gz
Size/MD5: 234184 39eb7d21064cac7b409c45d038b86cd8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1_amd64.deb
Size/MD5: 413050 086e1a2279c3cd8ac1b6a2414d48ce18

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1_i386.deb
Size/MD5: 398942 07096e82a51ee10ce965571e08342952

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-3ubuntu0.1_powerpc.deb
Size/MD5: 430230 77d787a8f00bf5058b21010a2c52acfa

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1.diff.gz
Size/MD5: 29359 366869464761485ef3d29915ae294ab1
http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1.dsc
Size/MD5: 703 28126aa389a49cc5354e6c704237b334
http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10.orig.tar.gz
Size/MD5: 234184 39eb7d21064cac7b409c45d038b86cd8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1_amd64.deb
Size/MD5: 465630 63bc8c81c424d4bfb00c233a2e97695d

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1_i386.deb
Size/MD5: 431590 109018a99a6588f7f48ee8be595bf2b6

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-4ubuntu0.1_powerpc.deb
Size/MD5: 471800 73571a01182d41ec0f5ce73cd5b8cdbc

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1.diff.gz
Size/MD5: 36588 1428d11ede7d4d4996b9f6d719aa9557
http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1.dsc
Size/MD5: 763 715edd426517405c0f81feff1e7511c7
http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10.orig.tar.gz
Size/MD5: 234184 39eb7d21064cac7b409c45d038b86cd8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1_amd64.deb
Size/MD5: 513230 9a1477b093630a538262a137d7c37730

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1_i386.deb
Size/MD5: 451422 41c84d68e6e4e69fe919109e00576051

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/a/aide/aide_0.10-6.1ubuntu0.1_powerpc.deb
Size/MD5: 581134 df0712d4d04b4854243c01f7696eb0c5

--mojUlQ0s9EVzWg2t
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDYqUlDecnbV4Fd/IRAv6OAJ46Di8867HmO0vbHFZSvSqkeufteACfdZXo
PE+PD2jeGkOgC07A+XA3Pmw=
=kA9m
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_151_3_zlib_vulnerabilities.html)