-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2005-77 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 11 Jul 2005 Last revised: 11 Jul 2005 Package: zlib Summary: Buffer overflow More information: Zlib is a widely used compression and decompression library. A buffer overflow vulnerability exists in zlib. Impact: The zlib allows attackers to cause a denial of service via a crafted file. Affected Products: - Turbolinux 10 Server Solution: Please use the turbopkg (zabom) tool to apply the update. --------------------------------------------- # turbopkg or # zabom -u zlib zlib-devel --------------------------------------------- Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/zlib-1.2.1-4.src.rpm 293562 ccc7c91245fd4915b9c437df5d8507b2 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/zlib-1.2.1-4.i586.rpm 65883 db85def8bf7e2c4056bcaae7335f03ab ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/zlib-debug-1.2.1-4.i586.rpm 125754 6588b66e89375b9ec9df6c1753628c42 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/zlib-devel-1.2.1-4.i586.rpm 61584 4884c0ca20644d34ddb339549187dedb References: CVE [CAN-2005-2096] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 -------------------------------------------------------------------------- Revision History 11 Jul 2005 Initial release -------------------------------------------------------------------------- Copyright(C) 2005 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFC0hzrK0LzjOqIJMwRAl71AJ9NoBH54Un8KGxnmYI1+y5iXwE+hwCdFUm+ IukMopqTxoX+N6V7G+pBevM= =PPTv -----END PGP SIGNATURE-----