OpenPKG Corporation → Security → Security Advisories

OpenPKG Security Advisory

OpenPKG-SA-2002.003

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2002.003
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2002.003
Advisory Published:      2010-02-09 13:36 UTC

Issue Id (internal):     OpenPKG-SI-20020312.01
Issue First Created:     2002-03-12
Issue Last Modified:     2006-11-28
Issue Revision:          06


Subject Name:            zlib
Subject Summary:         zlib Compression Library
Subject Home:            http://www.info-zip.org/pub/infozip/zlib/
Subject Versions:        * <= 1.1.3

Vulnerability Id:        cert:VN-368819
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           remote network
Attack Impact:           denial of service, exposure of sensitive information,
                         arbitrary code execution

Description:
    According to a Zlib Security Advisory [5] and the original CERT
    Security Advisory [6] from Jeffrey P. Lanza, there is a bug in the
    Zlib compression library that may manifest itself as a vulnerability
    in programs that are linked with Zlib. This may allow an attacker to
    conduct a denial-of-service attack, gather information, or execute
    arbitrary code. The vulnerability results from a programming error
    that causes segments of dynamically allocated memory to be released
    more than once.

References:
    [1]  http://www.openpkg.org/security.html#signature
    [2]  http://www.openpkg.org/tutorial.html#regular-source
    [3]  ftp://ftp.openpkg.org/release/1.0/UPD/
    [4]  ftp://ftp.openpkg.org/release/1.0/UPD/zlib-1.1.3-1.0.1.src.rpm
    [5]  http://www.gzip.org/zlib/advisory-2002-03-11.txt
    [6]  http://www.kb.cert.org/vuls/id/368819
    [7]  ftp://ftp.openpkg.org/release/1.0/UPD/cvs-1.11.1p1-1.0.1.src.rpm
    [8]  ftp://ftp.openpkg.org/release/1.0/UPD/gnupg-1.0.6-1.0.2.src.rpm
    [9]  ftp://ftp.openpkg.org/release/1.0/UPD/rrdtool-1.0.33-1.0.1.src.rpm
    [10] ftp://ftp.openpkg.org/release/1.0/UPD/rsync-2.5.0-1.0.1.src.rpm


Primary Package Name:    zlib
Primary Package Home:    http://openpkg.org/go/package/zlib

Affected Distribution:   Affected Branch:  Affected Package:
OpenPKG Community        1.0-SOLID         cvs-1.11.1p1-1.0.0
OpenPKG Community        1.0-SOLID         gnu-1.0.6-1.0.1
OpenPKG Community        1.0-SOLID         rrdtool-1.0.33-1.0.0
OpenPKG Community        1.0-SOLID         rsync-2.5.0-1.0.0
OpenPKG Community        1.0-SOLID         zlib-1.1.3-1.0.0

Corrected Distribution:  Corrected Branch: Corrected Package:
OpenPKG Community        1.0-SOLID         cvs-1.11.1p1-1.0.1
OpenPKG Community        1.0-SOLID         gnu-1.0.6-1.0.2
OpenPKG Community        1.0-SOLID         rrdtool-1.0.33-1.0.1
OpenPKG Community        1.0-SOLID         rsync-2.5.0-1.0.1
OpenPKG Community        1.0-SOLID         zlib-1.1.3-1.0.1

→ Plain Text Version

Latest Advisories:
2007.023 perl
2007.022 bind
2007.021 wordpress
2007.020 php
2007.019 php
2007.018 freetype
2007.017 ratbox
2007.016 gd
2007.015 quagga
2007.014 bind
→ more...

Validation: XHTML | CSS

Organisations
Products
- OpenPKG Community
- Features
- Technology Pitch
- Package Database
- Registration
  - Registration Overview
  - Registry Service
- Download
  - Download Policy
  - Download Service
- Sales
  - Request
Services
Security
Documentation
- Flyer
- Presentation
- Showcase
- Article
- Thesis
- Tutorial
- Packaging
- F.A.Q
Community
My OpenPKG