• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Zlib Compression Library Denial Of Service Vulnerability

Solution:
SuSE Linux has released advisory SUSE-SA:2004:029 along with fixes dealing with this issue. Please see the referenced advisory for more information.

OpenPKG has released an advisory (OpenPKG-SA-2004.038) along with fixes to address this issue. Please see the referenced advisory for further information.

Trustix Linux has released advisory TSL-2004-0043 dealing with this and other issues. Please see the referenced advisory for more information.

Gentoo has released an advisory (GLSA 200408-26) to address this issue. Please see the referenced advisory for more information. Gentoo users can carry out the following commands to update their computers:

emerge sync
emerge -pv ">=net-im/gaim-0.81-r5"
emerge ">=net-im/gaim-0.81-r5"

OpenBSD has released a patch dealing with this issue. Please see the fixes section for patch availability.

Mandrake Linux has released advisory MDKSA-2004:090 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Conectiva Linux has released advisory CLA-2004:865 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Debian Woody 3.0 unstable releases were vulnerable to this issue, however, it has been addressed in version 1.2.1.1-6. Debian Woody 3.0 stable is not vulnerable to this issue.

SCO Linux has released advisory SCOSA-2004.17 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Conectiva Linux has released advisory CLA-2004:878 along with fixes for their Conectiva Linux 10.0 product dealing with this issue. Please see the referenced advisory for more information.

Avaya has released an interim advisory ASA-2004-067 regarding this issue. Please see the referenced advisory for further information.

Fedora has released FEDORA-2005-095 addressing this issue for Fedora Core 2. Please see the referenced advisory for further information.

Fedora Legacy has released advisory FLSA:2043 to provide fixes for Fedora Core 1. Please see the referenced advisory for further information.

zlib version 1.2.2 has been released to address this issue.

OpenPKG has released advisory OpenPKG-SA-2005.007 to address this issue in OpenPKG 2.2 and OpenPKG 2.3. Please see the referenced advisory for more information.

SCO advisory SCOSA-2005.33 is available to address various issues affecting UnixWare 7.1.4 and UnixWare 7.1.3. Please see the referenced advisory for more information.

CVS 1.12.13 is available to address this and other issues.

Trustix has released advisory TSLSA-2005-0055 to address multiple issues. Please see the referenced advisory for more information.

SCO has released security advisory SCOSA-2006.6 to address this issue is OpenServer 5.0.6, 5.0.7 and 6.0.0. Please see the referenced advisory for further information.


CVS CVS 1.12.12

• CVS CVS 1.12.13
  http://www.nongnu.org/cvs/#TOCdownloading


• Trustix cvs-1.12.13-1tr.i586.rpm
  Trustix Secure Linux 3.0
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix cvs-contrib-1.12.13-1tr.i586.rpm
  Trustix Secure Linux 3.0
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix cvs-pserver-1.12.13-1tr.i586.rpm
  Trustix Secure Linux 3.0
  ftp://ftp.trustix.org/pub/trustix/updates/

zlib zlib 1.2 .0.7

• RedHat zlib-1.2.0.7-2.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/zlib-1.2.0.7-2. 1.legacy.i386.rpm


• RedHat zlib-devel-1.2.0.7-2.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/zlib-devel-1.2. 0.7-2.1.legacy.i386.rpm

zlib zlib 1.2.1

• Conectiva libz-devel-1.2.1-47972U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/libz-devel-1.2.1-47972U10_ 2cl.i386.rpm


• Conectiva libz-devel-static-1.2.1-47972U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/libz-devel-static-1.2.1-47 972U10_2cl.i386.rpm


• Conectiva libz1-1.2.1-47972U10_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/libz1-1.2.1-47972U10_2cl.i 386.rpm


• Fedora zlib-1.2.1.2-0.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora zlib-1.2.1.2-0.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora zlib-debuginfo-1.2.1.2-0.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora zlib-debuginfo-1.2.1.2-0.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora zlib-devel-1.2.1.2-0.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora zlib-devel-1.2.1.2-0.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Mandrake zlib1-1.2.1-2.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake zlib1-1.2.1-2.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake zlib1-devel-1.2.1-2.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake zlib1-devel-1.2.1-2.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• OpenBSD 017_libz.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch


• SuSE zlib-1.2.1-70.6.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/zlib-1.2.1-70.6.i 586.patch.rpm


• SuSE zlib-1.2.1-70.6.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/zlib-1.2.1-70 .6.x86_64.patch.rpm


• SuSE zlib-devel-1.2.1-70.6.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/zlib-devel-1.2.1- 70.6.i586.patch.rpm


• SuSE zlib-devel-1.2.1-70.6.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/zlib-devel-1. 2.1-70.6.x86_64.patch.rpm


• SuSE zlib-1.2.1-70.6.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/zlib-1.2.1-70.6.i 586.rpm


• SuSE zlib-1.2.1-70.6.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/zlib-1.2.1-70 .6.x86_64.rpm


• SuSE zlib-devel-1.2.1-70.6.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/zlib-devel-1.2.1- 70.6.i586.rpm


• SuSE zlib-devel-1.2.1-70.6.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/zlib-devel-1. 2.1-70.6.x86_64.rpm


• Trustix zlib-1.2.1-4tr.i586.rpm
  Enterprise Server 2 & Secure Linux 2.1
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix zlib-devel-1.2.1-4tr.i586.rpm
  Enterprise Server 2 & Secure Linux 2.1
  ftp://ftp.trustix.org/pub/trustix/updates/


• zlib zlib-1.2.2.tar.gz
  http://www.zlib.net/zlib-1.2.2.tar.gz

SCO Open Server 5.0.6

• SCO gwxlibs210Ba_vol.tar
  ftp://ftp.sco.com/pub/openserver5/opensrc/gwxlibs-2.1.0Ba/

SCO Open Server 5.0.7

• SCO osr507mp4_vol.tar for SCOSA-2006.6
  ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar

SCO Open Server 6.0

• SCO VOL.000.000 for SCOSA-2006.6
  ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6

SCO Unixware 7.1.3

• SCO erg712692.pkg
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17/erg712692.pkg


• SCO SCOSA-2005.33
  UnixWare 7.1.3
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33

SCO Unixware 7.1.4

• SCO erg712692.714.pkg
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17/erg712692.714.pkg


• SCO SCOSA-2005.33
  UnixWare 7.1.4
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33