US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

TurboLinux Information for VU#680620

Date Notified:2005-07-11
Date Updated:
Statement Date:
Status Summary:Not Vulnerable

Vendor Statement

Please refer to the following URL:

English

http://www.turbolinux.com/security/2005/TLSA-2005-77.txt

Japanese

http://www.turbolinux.co.jp/security/2005/TLSA-2005-77j.txt

Other products are "Not Vulnerable".

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-77
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 11 Jul 2005
Last revised: 11 Jul 2005

Package: zlib

Summary: Buffer overflow

More information:
Zlib is a widely used compression and decompression library.
A buffer overflow vulnerability exists in zlib.

Impact:
The zlib allows attackers to cause a denial of service via a crafted file.

Affected Products:
- Turbolinux 10 Server

Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
# zabom -u zlib zlib-devel
---------------------------------------------


<Turbolinux 10 Server>

Source Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/zlib-1.2.1-4.src.rpm
293562 ccc7c91245fd4915b9c437df5d8507b2

Binary Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/zlib-1.2.1-4.i586.rpm
65883 db85def8bf7e2c4056bcaae7335f03ab
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/zlib-debug-1.2.1-4.i586.rpm
125754 6588b66e89375b9ec9df6c1753628c42
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/zlib-devel-1.2.1-4.i586.rpm
61584 4884c0ca20644d34ddb339549187dedb


References:

CVE
[CAN-2005-2096]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096

--------------------------------------------------------------------------
Revision History
11 Jul 2005 Initial release
--------------------------------------------------------------------------

Copyright(C) 2005 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC0hzrK0LzjOqIJMwRAl71AJ9NoBH54Un8KGxnmYI1+y5iXwE+hwCdFUm+
IukMopqTxoX+N6V7G+pBevM=
=PPTv
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information