[OpenPKG-SA-2005.014] OpenPKG Security Advisory (zlib)

From: OpenPKG (openpkg_at_openpkg.org)
Date: 07/28/05

  • Next message: NGSSoftware Insight Security Research: "HP OpenView Radia Management Agent remote command execution via directory traversal"
    Date: Thu, 28 Jul 2005 10:08:18 +0200
    To: bugtraq@securityfocus.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    ________________________________________________________________________

    OpenPKG Security Advisory The OpenPKG Project
    http://www.openpkg.org/security.html http://www.openpkg.org
    openpkg-security@openpkg.org openpkg@openpkg.org
    OpenPKG-SA-2005.014 28-Jul-2005
    ________________________________________________________________________

    Package: zlib
    Vulnerability: denial of service
    OpenPKG Specific: no

    Affected Releases: Affected Packages: Corrected Packages:
    OpenPKG CURRENT <= zlib-1.2.2-20050706 >= zlib-1.2.3-20050722
                         <= ghostscript-8.51-20050706 >= ghostscript-8.51-20050722
                         <= openpkg-20050706-20050706 >= openpkg-20050722-20050722
                         <= qt-3.3.4-20050707 >= qt-3.3.4-20050728

    OpenPKG 2.4 <= zlib-1.2.2-2.4.1 >= zlib-1.2.2-2.4.2
                         <= ghostscript-8.51-2.4.1 >= ghostscript-8.51-2.4.2
                         <= openpkg-2.4.1-2.4.1 >= openpkg-2.4.2-2.4.2
                         <= qt-3.3.4-2.4.1 >= qt-3.3.4-2.4.2

    OpenPKG 2.3 <= zlib-1.2.2-2.3.1 >= zlib-1.2.2-2.3.2
                         <= ghostscript-8.14-2.3.1 >= ghostscript-8.14-2.3.2
                         <= openpkg-2.3.4-2.3.4 >= openpkg-2.3.5-2.3.5
                         <= qt-3.3.4-2.3.1 >= qt-3.3.4-2.3.2

    Affected Releases: Dependent Packages:
    OpenPKG CURRENT abiword aegis aide analog apache apache2 autotrace
                         blender bsdtar cadaver cairo citadel clamav
                         cups curl cvs cvsps cvsync dia doxygen emacs
                         ethereal exim expat file firefox flowtools gd
                         geoip gif2png gift-gnutella gift-openft gimp gmime
                         gnome-vfs gnupg gnuplot gnutls htdig imagemagick
                         ircd jitterbug kcd lbreakout lcms libarchive
                         librsync libwmf libxml lout lynx magicpoint mcrypt
                         mixmaster mng mozilla mplayer mrtg mysql mysql3
                         mysql40 mysql41 mysqlcc nagios neon netpbm opencdk
                         openpkg openssh openssl pdflib perl-comp perl-gd
                         perl-tk pgpdump php php3 php5 pnet png postgresql
                         postgresql7 pstoedit python qt ratbox ripe-dbase
                         rrdtool ruby scribus sio subversion tardy tetex
                         tiff tightvnc transfig ttmkfdir w3m webalizer wml
                         wv xdelta xemacs xfig xmame xplanet xv zimg

    OpenPKG 2.4 aegis aide analog apache apache2 autotrace cadaver
                         cairo clamav curl cvs emacs exim expat file
                         firefox flowtools gd geoip gif2png gift-gnutella
                         gift-openft gimp gmime gnupg gnuplot htdig
                         imagemagick ircd lcms libwmf libxml lout lynx
                         magicpoint mng mozilla mrtg mysql mysql40 neon
                         netpbm opencdk openssh openssl pdflib perl-comp
                         perl-tk php php5 png postgresql postgresql7
                         pstoedit python ratbox ripe-dbase rrdtool sio
                         subversion tardy tetex tiff tightvnc transfig
                         ttmkfdir w3m webalizer wml xdelta xfig xv

    OpenPKG 2.3 aegis aide analog apache apache2 autotrace cadaver
                         clamav curl cvs emacs exim expat file flowtools
                         gd geoip gif2png gift-gnutella gift-openft gimp
                         gmime gnupg gnuplot htdig imagemagick ircd lcms
                         libwmf libxml lout lynx mng mozilla mrtg mysql
                         mysql40 neon netpbm opencdk openssh openssl
                         pdflib perl-comp perl-tk php php5 png postgresql
                         postgresql7 pstoedit python ripe-dbase rrdtool
                         sio subversion tardy tetex tiff tightvnc transfig
                         ttmkfdir w3m webalizer wml xdelta xfig xv

    Description:
      A previous ZLib [1] update for CAN-2005-2096 fixed a Denial of Service
      (DoS) flaw that could allow a carefully crafted compressed stream to
      crash an application. While the original patch corrected the reported
      overflow, Markus Oberhumer discovered additional ways a stream could
      trigger an overflow. The Common Vulnerabilities and Exposures (CVE)
      project assigned the id CAN-2005-1849 [2] to the problem.

      Please check whether you are affected by running "<prefix>/bin/openpkg
      rpm -q zlib". If you have the "zlib" package installed and its version
      is affected (see above), we recommend that you immediately upgrade it
      (see Solution) and its dependent packages (see above), too [3][4].

    Solution:
      Select the updated source RPM appropriate for your OpenPKG release
      [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror
      location, verify its integrity [9], build a corresponding binary RPM
      from it [3] and update your OpenPKG installation by applying the
      binary RPM [4]. For the most recent release OpenPKG 2.4, perform the
      following operations to permanently fix the security problem (for
      other releases adjust accordingly).

      $ ftp ftp.openpkg.org
      ftp> bin
      ftp> cd release/2.4/UPD
      ftp> get zlib-1.2.2-2.4.2.src.rpm
      ftp> bye
      $ <prefix>/bin/openpkg rpm -v --checksig zlib-1.2.2-2.4.2.src.rpm
      $ <prefix>/bin/openpkg rpm --rebuild zlib-1.2.2-2.4.2.src.rpm
      $ su -
      # <prefix>/bin/openpkg rpm -Fvh <prefix>/RPM/PKG/zlib-1.2.2-2.4.2.*.rpm

      Additionally, we recommend that you rebuild and reinstall
      all dependent packages (see above), if any, too [3][4].
    ________________________________________________________________________

    References:
      [1] http://www.zlib.net/
      [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849
      [3] http://www.openpkg.org/tutorial.html#regular-source
      [4] http://www.openpkg.org/tutorial.html#regular-binary
      [5] ftp://ftp.openpkg.org/release/2.4/UPD/zlib-1.2.2-2.4.2.src.rpm
      [6] ftp://ftp.openpkg.org/release/2.3/UPD/zlib-1.2.2-2.3.2.src.rpm
      [7] ftp://ftp.openpkg.org/release/2.4/UPD/
      [8] ftp://ftp.openpkg.org/release/2.3/UPD/
      [9] http://www.openpkg.org/security.html#signature
    ________________________________________________________________________

    For security reasons, this advisory was digitally signed with the
    OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the
    OpenPKG project which you can retrieve from http://pgp.openpkg.org and
    hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/
    for details on how to verify the integrity of this advisory.
    ________________________________________________________________________

    -----BEGIN PGP SIGNATURE-----
    Comment: OpenPKG <openpkg@openpkg.org>

    iD8DBQFC6JIRgHWT4GPEy58RAun3AJ9mvppzpQs4m5xWs/G2LC7Q/UQf2QCffSoz
    nziZUeYND7D9aHtJ93N0+PA=
    =EzY9
    -----END PGP SIGNATURE-----


  • Next message: NGSSoftware Insight Security Research: "HP OpenView Radia Management Agent remote command execution via directory traversal"

    Relevant Pages

    • [Full-Disclosure] [OpenPKG-SA-2003.043] OpenPKG Security Advisory (proftpd)
      ... According to an ISS X-Force security advisory, a vulnerability ... when transferring files from the FTP server in ASCII mode. ... and a buffer overflow can manifest if ProFTPD parses a specially ... Select the updated source RPM appropriate for your OpenPKG release ...
      (Full-Disclosure)
    • [OpenPKG-SA-2003.043] OpenPKG Security Advisory (proftpd)
      ... According to an ISS X-Force security advisory, a vulnerability ... when transferring files from the FTP server in ASCII mode. ... and a buffer overflow can manifest if ProFTPD parses a specially ... Select the updated source RPM appropriate for your OpenPKG release ...
      (Bugtraq)
    • [Full-Disclosure] [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)
      ... According to a confirmed security advisory from Michal Zalewski ... a remotely exploitable vulnerability exists in all versions ... Select the updated source RPM appropriate for your OpenPKG release ... $ ftp ftp.openpkg.org ...
      (Full-Disclosure)
    • [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)
      ... According to a confirmed security advisory from Michal Zalewski ... a remotely exploitable vulnerability exists in all versions ... Select the updated source RPM appropriate for your OpenPKG release ... $ ftp ftp.openpkg.org ...
      (Bugtraq)
    • [OpenPKG-SA-2005.023] OpenPKG Security Advisory (openvpn)
      ... vulnerability exists in the OpenVPN network security application. ... another DoS situation can occur if OpenVPN in TCP server ... Select the updated source RPM appropriate for your OpenPKG release ... $ ftp ftp.openpkg.org ...
      (Bugtraq)