Slackware alert: zlib upgrade fixes vulnerability

Posted by dave on Mar 11, 2002 1:12 PM EDT
Mailing list
Mail this story
Print this story

New zlib packages are available to fix a security problem which may impact programs that link with zlib.

New zlib packages are available to fix a security problem which may impact
programs that link with zlib.

Here's the information from the Slackware 8.0 ChangeLog:

---------------------------- Mon Mar 11 13:32:40 PST 2002 patches/packages/zlib.tgz: Upgraded to zlib-1.1.4. This fixes a security problem which may introduce vulnerabilities into any program that links with zlib. Quoting the advisory on zlib.org:

"Depending upon how and where the zlib routines are called from the given program, the resulting vulnerability may have one or more of the following impacts: denial of service, information leakage, or execution of arbitrary code."

Sites are urged to upgrade the zlib package immediately.

The complete advisory may be found here: http://www.zlib.org/advisory-2002-03-11.txt

(* Security fix *) ----------------------------

WHERE TO FIND THE NEW PACKAGE: ------------------------------ Updated zlib package for Slackware 7.1: ftp://ftp.slackware.com/pub/slackware/slackware-7.1/patches/packages/zlib.tgz

Updated zlib package for Slackware 8.0: ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/zlib.tgz

Updated zlib package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/zlib-1.1.4/packages/zlib-1.1.4-i386-1.tgz

MD5 SIGNATURE: --------------

Here is the md5sum for the package:

Slackware 7.1: 8371e3ea1d8d0f624edc43ede13e82dd zlib.tgz

Slackware 8.0: 7e5187be97632b446c214cf62fc94fff zlib.tgz

Slackware -current: 5d9968475642c822ae11cce8c5504ece zlib-1.1.4-i386-1.tgz

INSTALLATION INSTRUCTIONS: --------------------------

As root, upgrade to the new zlib.tgz package: # upgradepkg zlib.tgz

Afterwards, restart any running programs that link to libz.so.

Remember, it's also a good idea to backup configuration files before upgrading packages.

- Slackware Linux Security Team http://www.slackware.com

+------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+

  Nav
» Read more about: Story Type: Security; Groups: Slackware

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.