
Gentoo: 200303-25 Critical: zlib Buffer Overrun Remote Exploit

March 28, 2003
The function gzprintf() is similar in behaviour to fprintf() except that by default, this function will smash the stack if called with arguments that expand to more than Z_PRINTF_B...

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-25
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------
From advisory: "zlib contains a function called gzprintf(). This is similar in behaviour to fprintf() except that by default, this function will smash the stack if called with arguments that expand to more than Z_PRINTF_BUFSIZE (=4096 by default) bytes."
Read the full advisory at

SOLUTION
It is recommended that all Gentoo Linux users who are running sys-libs/zlib upgrade to zlib-1.1.4-r1 as follows:
    emerge sync
    emerge zlib
    emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at
- - ---------------------------------------------------------------------
1.1.4-r1
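The overrun class the advisory describes, as an added example (not zlib's code and not part of the advisory): formatted output of arbitrary length written into a fixed-size stack buffer, next to a bounded variant that rejects oversized expansions. The names unsafe_format, bounded_format and BUFSIZE are hypothetical; BUFSIZE mirrors the 4096-byte default quoted above.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical constant mirroring the advisory's Z_PRINTF_BUFSIZE default. */
#define BUFSIZE 4096

/* Unsafe pattern (for contrast, never called here): vsprintf() has no length
 * limit, so an expansion of BUFSIZE bytes or more writes past buf. */
int unsafe_format(const char *fmt, ...)
{
    char buf[BUFSIZE];
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(buf, fmt, ap);
    va_end(ap);
    return n;
}

/* Bounded variant: vsnprintf() never writes more than sizeof buf bytes and
 * returns the length the full expansion needs, so truncation is detectable.
 * Returns the formatted length, or -1 (out untouched) if it does not fit. */
int bounded_format(char *out, size_t outlen, const char *fmt, ...)
{
    char buf[BUFSIZE];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= sizeof buf || (size_t)n >= outlen)
        return -1;                      /* reject instead of truncating */
    memcpy(out, buf, (size_t)n + 1);    /* copy text plus terminating NUL */
    return n;
}

int main(void)
{
    char out[BUFSIZE], big[BUFSIZE + 100];   /* constructed sample input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("short: %d\n", bounded_format(out, sizeof out, "%s-%d", "zlib", 114));
    printf("oversized: %d\n", bounded_format(out, sizeof out, "%s", big));
    return 0;
}
```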

Resolution

References

Availability


Concerns

Severity
critical

PACKAGE : zlib
SUMMARY : buffer overrun
DATE : 2003-03-28 10:50 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <1.1.4-r1
FIXED VERSION : >=1.1.4-r1
CVE : CAN-2003-0107

Synopsis

Background


Affected Packages

Impact

Workaround
