3Com Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Alcatel Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Apple Computer, Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

AT&T Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Avaya Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Avici Systems Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Borderware Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Check Point Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Chiaro Networks Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Cisco Systems, Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Cisco Systems, Inc. Unknown

Notified:  August 31, 2005 Updated: August 31, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Clavister Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Computer Associates Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Cray Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

CVS Home Affected

Updated:  October 05, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

From the CVS version 1.12.13 NEWS file: CVS now uses version 1.2.3 of the ZLib compression libraries in order to avoid two recently announced security vulnerabilities in them. Both may be used for denial of service attacks and one may reportedly allow execution of arbitrary code, though this is not confirmed. Please see the CERT vulnerabilities advisories #238678 & #680620 for more. Note that according to CVS HOME, CVS development and the CVS information pages have moved to http://www.nongnu.org/cvs/.

Cwnt Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Data Connection Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Debian Linux Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

EMC Corporation Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Engarde Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

eSoft Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Extreme Networks Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

F5 Networks, Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Force10 Networks Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Fortinet Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Foundry Networks Inc. Not Affected

Notified:  July 11, 2005 Updated: July 13, 2005

Status

Not Affected

Vendor Statement

Foundry is not vulnerable to this DoS vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

FreeBSD, Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

FreeBSD 5.3 and FreeBSD 5.4 are affected by this issue. It was addressed in the security advisory FreeBSD-SA-05:16.zlib, which provides instructions on how to correct the problem.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FreeBSD-SA-05:16.zlib Security Advisory The FreeBSD Project Topic: Buffer overflow in zlib Category: core Module: libz Announced: 2005-07-06 Credits: Tavis Ormandy Affects: FreeBSD 5.3, FreeBSD 5.4 Corrected: 2005-07-06 14:01:11 UTC (RELENG_5, 5.4-STABLE) 2005-07-06 14:01:30 UTC (RELENG_5_4, 5.4-RELEASE-p4) 2005-07-06 14:01:52 UTC (RELENG_5_3, 5.3-RELEASE-p18) CVE Name: CAN-2005-2096 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background zlib is a compression library used by numerous applications to provide data compression/decompression routines. II. Problem Description An error in the handling of corrupt compressed data streams can result in a buffer being overflowed. III. Impact By carefully crafting a corrupt compressed data stream, an attacker can overwrite data structures in a zlib-using application. This may cause the application to halt, causing a denial of service; or it may result in the attacker gaining elevated privileges. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4 or RELENG_5_3 security branch dated after the correction date. 2) To patch your present system: The following patch has been verified to apply to FreeBSD 5.3 and 5.4 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/lib/libz/ # make obj && make depend && make && make install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path RELENG_5 src/lib/libz/inftrees.c 1.4.2.2 RELENG_5_4 src/UPDATING 1.342.2.24.2.13 src/sys/conf/newvers.sh 1.62.2.18.2.9 src/lib/libz/inftrees.c 1.4.6.1 RELENG_5_3 src/UPDATING 1.342.2.13.2.21 src/sys/conf/newvers.sh 1.62.2.15.2.23 src/lib/libz/inftrees.c 1.4.4.1 VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 The latest revision of this advisory is available at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFCy+TYFdaIBMps37IRAqB2AJ4j+wdqj1zJJZdTjskufo7rrsHhcwCgi0SZ wXRUgGbgl/DtNzyvHi7t/bc= =anun -----END PGP SIGNATURE-----

Fujitsu Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Gentoo Affected

Updated:  July 13, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.gentoo.org/security/en/glsa/glsa-200507-05.xml

GTA Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Hewlett-Packard Company Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Hitachi Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Hyperchip Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

IBM Corporation Unknown

Notified:  July 11, 2005 Updated: August 09, 2005

Status

Unknown

Vendor Statement

The AIX operating system is not vulnerable to the issues discussed in Vulnerability Note VU#680620. However, zlib is available for installation on AIX via the AIX Toolbox for Linux. These items are shipped "as is" and are unwarranted. A patched version of the zlib library can be downloaded from: ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/zlib/zlib-1.2.2-4.aix5.1.ppc.rpm

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

IBM eServer Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

IBM-zSeries Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Immunix Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Ingrian Networks, Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Inoto Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Intel Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

IPf Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

ISS Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Juniper Networks, Inc. Not Affected

Notified:  July 11, 2005 Updated: July 22, 2005

Status

Not Affected

Vendor Statement

Juniper Networks products are not susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Linksys Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Lucent Technologies Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Luminous Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Mandriva, Inc. Affected

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Affected

Vendor Statement

Mandriva has released updated packages to correct the zlib vulnerability. For more information view the MDKSA-2005:112 advisory. http://www.mandriva.com/security/advisories?name=MDKSA-2005:112

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Mandriva, Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Microsoft Corporation Not Affected

Notified:  July 11, 2005 Updated: July 12, 2005

Status

Not Affected

Vendor Statement

Our initial investigation has revealed that currently supported versions of Microsoft Windows are not at risk from this vulnerability. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through our monthly release process or an out-of-cycle security update, depending on customer needs.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

MontaVista Software, Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Multinet Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Multi-Tech Systems Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

NEC Corporation Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

NetBSD Not Affected

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NetBSD Security Note 20050708-1 Topic: NetBSD base system not vulnerable to zlib overflow pkgsrc did provide vulnerable versions A zlib buffer overflow has been announced. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2096 The NetBSD Security Officer team was aware of this issue, and would like to reassure users that the NetBSD base system is not vulnerable. The bug was introduced in changes to zlib after 1.1.4, the latest version supplied in the base install of NetBSD. The vulnerable version, 1.2.2 has been available from pkgsrc. Users of the audit-packages tool will already have noticed that version is marked as vulnerable, and the 1.2.2nb1 update addresses the issue. Other pkgsrc users are encouraged to update devel/zlib to 1.2.2nb1, as well as to take advantage of the security/audit-packages infrastructure. Thanks To Tavis Ormandy Colin Percival Mark Adler Matthias Drochner Matthias Scheler More Information Information about NetBSD and NetBSD security can be found at http://www.NetBSD.org/ and http://www.NetBSD.org/Security/. Copyright 2005, The NetBSD Foundation, Inc. All Rights Reserved. Redistribution permitted only in full, unmodified form. $NetBSD: NetBSD-SN20050708-1.txt,v 1.1 2005/07/08 15:54:11 david Exp $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (NetBSD) iQCVAwUBQs6+TD5Ru2/4N2IFAQI9HAQAvT7R6nDbr+xDroAXYkZrs2zdI9gkIStc UswbbKNP1G8D90h4nIKrXtvNyG+e4squRtawLB06Fylu+OkielUWeTPIzzwmef0V qWqWBxg1EWM2WigyDS/SmA6lrQt+dgJ4bfX0IiwakBItdM6v5yScB9svI4qi0aNl n8+PU7IvbGU= =PWU8 -----END PGP SIGNATURE-----

Netfilter Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Network Appliance Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

NextHop Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Nortel Networks, Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Novell, Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

OpenBSD Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Openwall GNU/*/Linux Not Affected

Notified:  July 11, 2005 Updated: July 12, 2005

Status

Not Affected

Vendor Statement

Openwall GNU/*/Linux (Owl) has never used a version of zlib affected by this vulnerability. We're currently using zlib 1.1.4.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

QNX Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Redback Networks Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Red Hat, Inc. Affected

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Affected

Vendor Statement

Vendor statement; Red Hat: This issue affected Red Hat Enterprise Linux 4. Updated packages were made available on July 6th along with our advisory at the URL below. Red Hat Enterprise Linux 2.1 and 3 were not affected by this issue as they shipped a version of zlib not affected by this issue. http://rhn.redhat.com/errata/RHSA-2005-569.html Vendor statement; Fedora Project: Updated zlib packages are available for Fedora Core 3 and Fedora Core 4: http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00017.html http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00016.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Riverstone Networks Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Secure Computing Corporation Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

SecureWorks Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Sequent Computer Systems, Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

SGI Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Sony Corporation Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Stonesoft Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Sun Microsystems, Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

SUSE Linux Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Symantec Corporation Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

The SCO Group (SCO Linux) Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

The SCO Group (SCO Unix) Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

TurboLinux Not Affected

Notified:  July 11, 2005 Updated: July 12, 2005

Status

Not Affected

Vendor Statement

Please refer to the following URL: English http://www.turbolinux.com/security/2005/TLSA-2005-77.txt Japanese http://www.turbolinux.co.jp/security/2005/TLSA-2005-77j.txt Other products are "Not Vulnerable".

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Turbolinux Security Advisory TLSA-2005-77 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp Original released date: 11 Jul 2005 Last revised: 11 Jul 2005 Package: zlib Summary: Buffer overflow More information: Zlib is a widely used compression and decompression library. A buffer overflow vulnerability exists in zlib. Impact: The zlib allows attackers to cause a denial of service via a crafted file. Affected Products: - Turbolinux 10 Server Solution: Please use the turbopkg (zabom) tool to apply the update. # turbopkg or # zabom -u zlib zlib-devel Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/zlib-1.2.1-4.src.rpm 293562 ccc7c91245fd4915b9c437df5d8507b2 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/zlib-1.2.1-4.i586.rpm 65883 db85def8bf7e2c4056bcaae7335f03ab ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/zlib-debug-1.2.1-4.i586.rpm 125754 6588b66e89375b9ec9df6c1753628c42 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/zlib-devel-1.2.1-4.i586.rpm 61584 4884c0ca20644d34ddb339549187dedb References: CVE [CAN-2005-2096] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 Revision History 11 Jul 2005 Initial release Copyright(C) 2005 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFC0hzrK0LzjOqIJMwRAl71AJ9NoBH54Un8KGxnmYI1+y5iXwE+hwCdFUm+ IukMopqTxoX+N6V7G+pBevM= =PPTv -----END PGP SIGNATURE-----

Unisys Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

WatchGuard Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Wind River Systems, Inc. Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Zlib.org Unknown

Notified:  July 06, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

ZyXEL Unknown

Notified:  July 11, 2005 Updated: July 11, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

View all 82 vendors View less vendors