LinuxSecurity.com
Debian: 'zlib' Data corruption vulnerability
Posted by LinuxSecurity.com Team   
The compression library zlib has a flaw in which it attempts to free memory more than once under certain conditions. This can possibly be exploited to run arbitrary code in a program that includes zlib.

--------------------------------------------------------------------------
Debian Security Advisory DSA 122-1                     security@debian.org 
http://www.debian.org/security/                              Michael Stone
March 11th, 2002
--------------------------------------------------------------------------

Package        : zlib, various
Vulnerability  : malloc error (double free)
Problem-Type   : potential remote root
Debian-specific: no

The compression library zlib has a flaw in which it attempts to free
memory more than once under certain conditions. This can possibly be
exploited to run arbitrary code in a program that includes zlib. If a
network application running as root is linked to zlib, this could
potentially lead to a remote root compromise. No exploits are known at
this time. This vulnerability is assigned the CVE candidate name of
CAN-2002-0059.

The zlib vulnerability is fixed in the Debian zlib package version
1.1.3-5.1. A number of programs either link statically to zlib or include
a private copy of zlib code. These programs must also be upgraded
to eliminate the zlib vulnerability. The affected packages and fixed
versions follow:
  amaya 2.4-1potato1
  dictd 1.4.9-9potato1
  erlang 49.1-10.1
  freeamp 2.0.6-2.1
  mirrordir 0.10.48-2.1
  ppp 2.3.11-1.5
  rsync 2.3.2-1.6
  vrweb 1.5-5.1

Those using the pre-release (testing) version of Debian should upgrade
to zlib 1.1.3-19.1 or a later version. Note that since this version of
Debian has not yet been released it may not be available immediately for
all architectures. Debian 2.2 (potato) is the latest supported release.

We recommend that you upgrade your packages immediately. Note that you
should restart all programs that use the shared zlib library in order
for the fix to take effect. This is most easily done by rebooting the
system.
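
As an alternative to rebooting, the restart requirement above can be checked per process. The script below is an added example, not part of the Debian advisory; it assumes a Linux /proc in which a mapping of a replaced library file is tagged "(deleted)", and it runs against a constructed sample tree.

```shell
#!/bin/sh
# Added example (not part of the advisory): find processes that still map the
# pre-upgrade libz. When dpkg replaces the library file, the old copy stays
# mapped in running processes and /proc/<pid>/maps tags it "(deleted)".

# Succeeds if maps-format text on stdin contains a deleted libz.so* mapping.
stale_libz_in_maps() {
    awk '$6 ~ "/libz\\.so[^/]*$" && $7 == "(deleted)" { found = 1 }
         END { exit(found ? 0 : 1) }'
}

# Prints "pid<TAB>command line" for each process under $1 (default /proc)
# that needs a restart to pick up the fixed library.
scan_stale_libz() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if stale_libz_in_maps 2>/dev/null < "$maps"; then
            pid=${maps%/maps}
            pid=${pid##*/}
            cmd=$(tr '\0' ' ' 2>/dev/null < "$proc_root/$pid/cmdline") || cmd=
            printf '%s\t%s\n' "$pid" "${cmd:-unknown}"
        fi
    done
}

# Constructed sample: a fake /proc tree with three processes.
make_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir "$root/101" "$root/102" "$root/103"
    # 101 started before the upgrade: old libz inode, now unlinked
    echo '40018000-40025000 r-xp 00000000 03:01 4711 /usr/lib/libz.so.1.1.3 (deleted)' > "$root/101/maps"
    printf 'rsync\0--daemon\0' > "$root/101/cmdline"
    # 102 started after the upgrade: maps the file currently on disk
    echo '40018000-40025000 r-xp 00000000 03:01 4802 /usr/lib/libz.so.1.1.3' > "$root/102/maps"
    printf 'pppd\0' > "$root/102/cmdline"
    # 103 has a deleted mapping that is not libz
    echo '40030000-40031000 rw-s 00000000 03:01 4900 /tmp/cache.bin (deleted)' > "$root/103/maps"
    printf 'dictd\0' > "$root/103/cmdline"
    echo "$root"
}

sample=$(make_sample_proc)
scan_stale_libz "$sample"
rm -rf "$sample"
```

Run `scan_stale_libz` with no argument as root to inspect the live system. Programs that link zlib statically or carry a private copy never show up in this check; for those, only the upgraded packages listed in the advisory remove the flaw.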

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
------------------------------------

  Source archives:


  Architecture-independent components:


  Alpha architecture:
    Fixed erlang and freeamp packages are not yet available.

     

  ARM architecture:
    erlang and freeamp packages are not yet available


  Intel ia32 architecture:


  Motorola 680x0 architecture:
    amaya, erlang, and freeamp packages are not yet available


  PowerPC architecture:

     

  Sun Sparc architecture:
    erlang packages are not yet available

     

  These files will probably be moved into the stable distribution on
  its next revision.

---------------------------------------------------------------------------------
For apt-get: deb  http://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/




 