Advisories
Mandriva Advisories
|
 |
| Problem Description |
Matthias Clasen found a security issue in zlib that, when provided with
certain input, causes zlib to free an area of memory twice. This
"double free" bug can be used to crash any programs that take untrusted
compressed input, such as web browsers, email clients, image viewing
software, etc. This vulnerability can be used to perform Denial of
Service attacks and, quite possibly, the execution of arbitrary code on
the affected system.
MandrakeSoft has published two advisories concerning this incident:
MDKSA-2002:022 - zlib
MDKSA-2002:023 - packages containing zlib
Update:
Additional package are now available. For a list of prior packages
released, please see MDKSA-2002:023. The noted packages below are in
addition to MDKSA-2002:023; no packages have been replaced.
| Updated Packages |
Mandrakelinux 7.1
2d27c00ee4d2ab51a6aadb8f40dad47f 7.1/RPMS/mirrordir-0.10.44-4.2mdk.i586.rpm 338b5c6dcbb77ed47af0872d7ab25546 7.1/SRPMS/mirrordir-0.10.44-4.2mdk.src.rpm
Mandrakelinux 7.2
66c94355997803c9882290a0b0cb5d0d 7.2/RPMS/mirrordir-0.10.44-4.1mdk.i586.rpm 1f97eb5eeb8289cc467075f954adf8d5 7.2/SRPMS/mirrordir-0.10.44-4.1mdk.src.rpm
Mandrakelinux 8.0
5b57acce2c0d4d540a976732708e9fb1 8.0/RPMS/libdiffie1-0.10.49-4.1mdk.i586.rpm e5d13156d7d49283b7d38454146a1061 8.0/RPMS/libdiffie1-devel-0.10.49-4.1mdk.i586.rpm dc76274eeebe8f532dc2d3f9bd609de7 8.0/RPMS/libgcj-2.96-2.1mdk.i586.rpm c7797c0a4d1db9cc989e556824e32b5b 8.0/RPMS/libgcj-devel-2.96-2.1mdk.i586.rpm 87145d7098dbfe2ba2afe9221975de20 8.0/RPMS/libmirrordirz1-0.10.49-4.1mdk.i586.rpm 6d18ea3747ed788ea810e08740657be4 8.0/RPMS/libmirrordirz1-devel-0.10.49-4.1mdk.i586.rpm 0a51fab455d57ff2a077a0ca67c92f84 8.0/RPMS/mirrordir-0.10.49-4.1mdk.i586.rpm 33aa51f4fd5001939fa0da7595ae71f2 8.0/SRPMS/libgcj-2.96-2.1mdk.src.rpm a3418ab0c7871a9dae31c6d0c4ec8297 8.0/SRPMS/mirrordir-0.10.49-4.1mdk.src.rpm
Mandrakelinux 8.0/PPC
3354f857f116912c46e25d8da41a96b4 ppc/8.0/RPMS/libdiffie1-0.10.49-4.1mdk.ppc.rpm 55adf8d07c9f2a6fb6f805586aaa2158 ppc/8.0/RPMS/libdiffie1-devel-0.10.49-4.1mdk.ppc.rpm 4f038b0280b46da823cbeccd247ee2e9 ppc/8.0/RPMS/libmirrordirz1-0.10.49-4.1mdk.ppc.rpm 7acd9c8829ae6158a0a33b6e90ff6f09 ppc/8.0/RPMS/libmirrordirz1-devel-0.10.49-4.1mdk.ppc.rpm 73a05a049a7abbacf6418099b40b85bf ppc/8.0/RPMS/mirrordir-0.10.49-4.1mdk.ppc.rpm a3418ab0c7871a9dae31c6d0c4ec8297 ppc/8.0/SRPMS/mirrordir-0.10.49-4.1mdk.src.rpm
Mandrakelinux 8.1
dad3b87f67063c3b3f408f1d5bc3f563 8.1/RPMS/libdiffie1-0.10.49-4.1mdk.i586.rpm 9ebbd056896bcd37a7529fc691d6e630 8.1/RPMS/libdiffie1-devel-0.10.49-4.1mdk.i586.rpm e1892ff3678c5834939ac126d2b5099e 8.1/RPMS/libgcj-2.96-4.1mdk.i586.rpm a7b86d4d31b8db6fc6d52d9af2adb363 8.1/RPMS/libgcj-devel-2.96-4.1mdk.i586.rpm 39a8ac80320b606dfee1351793588129 8.1/RPMS/libmirrordirz1-0.10.49-4.1mdk.i586.rpm d6a48a1475811246cb7c81c6d215d88c 8.1/RPMS/libmirrordirz1-devel-0.10.49-4.1mdk.i586.rpm 8cf0df0d8d996424fbdee0f2063935d0 8.1/RPMS/mirrordir-0.10.49-4.1mdk.i586.rpm 8c7ddb0e3765fa6a5ee8e2eac72dcaca 8.1/SRPMS/libgcj-2.96-4.1mdk.src.rpm a3418ab0c7871a9dae31c6d0c4ec8297 8.1/SRPMS/mirrordir-0.10.49-4.1mdk.src.rpm
Mandrakelinux 8.1/IA64
da3cc5c42395aaf89ef77c877c6e8909 ia64/8.1/RPMS/libdiffie1-0.10.49-4.1mdk.ia64.rpm 8635c1d2707c026c0f8026dfccc3a6c1 ia64/8.1/RPMS/libdiffie1-devel-0.10.49-4.1mdk.ia64.rpm 7258fbf7a30dae9da9418bbd11baeca8 ia64/8.1/RPMS/libmirrordirz1-0.10.49-4.1mdk.ia64.rpm e0f35d1d2685b2a9a3cf7ec3c8231102 ia64/8.1/RPMS/libmirrordirz1-devel-0.10.49-4.1mdk.ia64.rpm 7b6daba21f5b12bdb75c712a467abfb6 ia64/8.1/RPMS/mirrordir-0.10.49-4.1mdk.ia64.rpm a3418ab0c7871a9dae31c6d0c4ec8297 ia64/8.1/SRPMS/mirrordir-0.10.49-4.1mdk.src.rpm
Corporate Server 1.0.1
2d27c00ee4d2ab51a6aadb8f40dad47f 1.0.1/RPMS/mirrordir-0.10.44-4.2mdk.i586.rpm 338b5c6dcbb77ed47af0872d7ab25546 1.0.1/SRPMS/mirrordir-0.10.44-4.2mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0059
http://www.kb.cert.org/vuls/id/368819
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.