exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2006.070

Mandriva Linux Security Advisory 2006.070
Posted Apr 12, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-070: Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, resulting in the linked application to dump core

tags | advisory
systems | linux, gentoo, mandriva
SHA-256 | 78999afdebb40bb7748d78df126a46fc497680676f21f447af16ee0af418d6f0

Mandriva Linux Security Advisory 2006.070

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:070
https://www.mandriva.com/security/
_______________________________________________________________________

Package : sash
Date : April 10, 2006
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Tavis Ormandy of the Gentoo Security Project discovered a vulnerability
in zlib where a certain data stream would cause zlib to corrupt a data
structure, resulting in the linked application to dump core
(CVE-2005-2096).

Markus Oberhumber discovered additional ways that a specially-crafted
compressed stream could trigger an overflow. An attacker could create
such a stream that would cause a linked application to crash if opened
by a user (CVE-2005-1849).

Both of these issues have previously been fixed in zlib, but sash links
statically against zlib and is thus also affected by these issues. New
sash packages are available that link against the updated zlib packages.
_______________________________________________________________________

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2096
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.2:
290e5d895235afaaa1548d4898c5cde8 10.2/RPMS/sash-3.7-3.1.102mdk.i586.rpm
6cb36fc925f8793ef0f22a1d0adacb24 10.2/SRPMS/sash-3.7-3.1.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
4088008711f30343c6ddbd45dd4429f0 x86_64/10.2/RPMS/sash-3.7-3.1.102mdk.x86_64.rpm
6cb36fc925f8793ef0f22a1d0adacb24 x86_64/10.2/SRPMS/sash-3.7-3.1.102mdk.src.rpm

Mandriva Linux 2006.0:
6a8ef8036ca25661d6e1e18e826b7cf7 2006.0/RPMS/sash-3.7-3.1.20060mdk.i586.rpm
ebfdd661247a673a536d14b57bd1494f 2006.0/SRPMS/sash-3.7-3.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
f3ace9f835ba2bcf3358404ec3b35863 x86_64/2006.0/RPMS/sash-3.7-3.1.20060mdk.x86_64.rpm
ebfdd661247a673a536d14b57bd1494f x86_64/2006.0/SRPMS/sash-3.7-3.1.20060mdk.src.rpm

Corporate 3.0:
76d84869521a8231bde684d29c909f77 corporate/3.0/RPMS/sash-3.6-5.1.C30mdk.i586.rpm
5a52429713ca8dabda8fe0462eedbf41 corporate/3.0/SRPMS/sash-3.6-5.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
5fdfa411aaa588d14e3f92d877b31e0b x86_64/corporate/3.0/RPMS/sash-3.6-5.1.C30mdk.x86_64.rpm
5a52429713ca8dabda8fe0462eedbf41 x86_64/corporate/3.0/SRPMS/sash-3.6-5.1.C30mdk.src.rpm

Multi Network Firewall 2.0:
b1d67ff8736048c8687708ff614d995b mnf/2.0/RPMS/sash-3.6-5.1.M20mdk.i586.rpm
df79ea5562d8e2d45f98ead903f1b4c7 mnf/2.0/SRPMS/sash-3.6-5.1.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

https://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEOtv8mqjQ0CJFipgRAvmaAKDbjEYQYMNmbwm5XFF37ClR4W2+rACfSszW
RKonuFKGLwS+UEca0OtVDUc=
=I//9
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close