[Immunix-announce] Immunix Secured OS 7+ zlib update

From: Immunix Security Team (securityimmunix.com)
Date: Thu Jun 05 2003 - 19:25:02 CDT


-----------------------------------------------------------------------
        Immunix Secured OS Security Advisory

Packages updated: zlib
Affected products: Immunix OS 7+
Bugs fixed: CAN-2003-0107
Date: Thu Jun 5 2003
Advisory ID: IMNX-2003-7+-015-01
Author: Seth Arnold <sarnoldimmunix.com>
-----------------------------------------------------------------------

Description:
  Richard Kettlewell has discovered a buffer overflow in zlib's gzprintf()
  function, which provides printf(3)-like functionality for compressed
  files. This update, which includes a patch from the OpenPKG project,
  fixes this problem by enabling autoconf tests for vsnprintf(3).

  The buffer that can be overflowed is allocated on the stack, so
  StackGuard should convert any exploits from code execution to denial
  of service attacks, though we haven't tested this.

  References: http://www.securityfocus.com/archive/1/312869

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/zlib-1.1.3-25.7_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/zlib-devel-1.1.3-25.7_imnx_2.i386.rpm

Immunix OS 7+ md5sums:
  70b415159ec9e380e3eafba55b2d9ef9 RPMS/zlib-1.1.3-25.7_imnx_2.i386.rpm
  42e27e7e1e56f667a89b8be8349e495e RPMS/zlib-devel-1.1.3-25.7_imnx_2.i386.rpm

GPG verification:
  Our public key is available at <http://wirex.com/security/GPG_KEY>.

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact securitywirex.com. WireX
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj7f31wACgkQVQcWL60UVMs7hACbBm7t5vBDhJPzk7h9O+PD+2vH
fKoAoJYGu7JnjpCPCHDeO6I4ZC+YX3WC
=OJeb
-----END PGP SIGNATURE-----
