TurboLinux Information for VU#680620

zlib inflate() routine vulnerable to buffer overflow

Status

Not Affected

Vendor Statement

Please refer to the following URL:

English

http://www.turbolinux.com/security/2005/TLSA-2005-77.txt

Japanese

http://www.turbolinux.co.jp/security/2005/TLSA-2005-77j.txt

Other products are "Not Vulnerable".

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-77
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original release date: 11 Jul 2005
Last revised: 11 Jul 2005

Package: zlib

Summary: Buffer overflow

More information:
Zlib is a widely used compression and decompression library.
A buffer overflow vulnerability exists in zlib.

Impact:
zlib allows attackers to cause a denial of service via a crafted file.

Affected Products:
- Turbolinux 10 Server

Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
# zabom -u zlib zlib-devel
---------------------------------------------


<Turbolinux 10 Server>

Source Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/zlib-1.2.1-4.src.rpm
293562 ccc7c91245fd4915b9c437df5d8507b2

Binary Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/zlib-1.2.1-4.i586.rpm
65883 db85def8bf7e2c4056bcaae7335f03ab
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/zlib-debug-1.2.1-4.i586.rpm
125754 6588b66e89375b9ec9df6c1753628c42
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/zlib-devel-1.2.1-4.i586.rpm
61584 4884c0ca20644d34ddb339549187dedb


References:

CVE
[CAN-2005-2096]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096

--------------------------------------------------------------------------
Revision History
11 Jul 2005 Initial release
--------------------------------------------------------------------------

Copyright(C) 2005 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC0hzrK0LzjOqIJMwRAl71AJ9NoBH54Un8KGxnmYI1+y5iXwE+hwCdFUm+
IukMopqTxoX+N6V7G+pBevM=
=PPTv
-----END PGP SIGNATURE-----
