LibMCrypt Memory Leak Resource Exhaustion Vulnerability

Threat level definition

LibMCrypt Memory Leak Resource Exhaustion Vulnerability

Solution:
This vulnerability has been reported as being fixed in libcrypt versions 2.5.5 and later.

Gentoo Linux has released an advisory. Users who have installed dev-libs/libmcrypt-2.5.1-r4 or earlier are advised to update their systems by issuing the following commands:

emerge rsync
emerge libmcrypt
emerge clean

Conectiva has released a security advisory (CLA-2003:567) containing fixes. Users are advised to upgrade their mcrypt package as soon as possible.

Fixes:

Mcrypt libmcrypt 2.4.10

SuSE libmcrypt-2.4.10-59.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec2/libmcrypt-2.4.10-59.i 386.rpm

SuSE libmcrypt-devel-2.4.10-59.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec2/libmcrypt-devel-2.4.1 0-59.i386.rpm

Mcrypt libmcrypt 2.4.15

SuSE libmcrypt-2.4.15-53.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec2/libmcrypt-2.4.15-53. sparc.rpm

SuSE libmcrypt-2.4.15-89.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec2/libmcrypt-2.4.15-89.pp c.rpm

SuSE libmcrypt-2.4.15-98.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec2/libmcrypt-2.4.15-98.i 386.rpm

SuSE libmcrypt-devel-2.4.15-53.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec2/libmcrypt-devel-2.4. 15-53.sparc.rpm

SuSE libmcrypt-devel-2.4.15-89.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec2/libmcrypt-devel-2.4.15 -89.ppc.rpm

SuSE libmcrypt-devel-2.4.15-98.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec2/libmcrypt-devel-2.4.1 5-98.i386.rpm

Mcrypt libmcrypt 2.4.18

Conectiva mcrypt-2.4.18-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mcrypt-2.4.18-3U80_1cl.i386 .rpm

Conectiva mcrypt-devel-2.4.18-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mcrypt-devel-2.4.18-3U80_1c l.i386.rpm

Conectiva mcrypt-devel-static-2.4.18-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mcrypt-devel-static-2.4.18- 3U80_1cl.i386.rpm

Mcrypt libmcrypt 2.4.20

SuSE libmcrypt-2.4.20-114.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec2/libmcrypt-2.4.20-114. i386.patch.rpm

SuSE libmcrypt-2.4.20-114.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec2/libmcrypt-2.4.20-114. i386.rpm

SuSE libmcrypt-devel-2.4.20-114.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d4/libmcrypt-devel-2.4.20- 114.i386.patch.rpm

SuSE libmcrypt-devel-2.4.20-114.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d4/libmcrypt-devel-2.4.20- 114.i386.rpm

Mcrypt libmcrypt 2.4.7

SuSE libmcrypt-2.4.7-19.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/sec2/libmcrypt-2.4.7-19.i3 86.rpm

SuSE libmcrypt-2.4.7-23.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/sec2/libmcrypt-2.4.7-23.ppc .rpm

SuSE libmcrypt-2.4.7-26.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.1/sec2/libmcrypt-2.4.7-26.alp ha.rpm

SuSE libmcrypt-devel-2.4.7-19.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/sec2/libmcrypt-devel-2.4.7 -19.i386.rpm

SuSE libmcrypt-devel-2.4.7-23.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/sec2/libmcrypt-devel-2.4.7- 23.ppc.rpm

SuSE libmcrypt-devel-2.4.7-26.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.1/sec2/libmcrypt-devel-2.4.7- 26.alpha.rpm

Mcrypt libmcrypt 2.4.9

Conectiva mcrypt-2.4.9-3U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mcrypt-2.4.9-3U70_1cl.i38 6.rpm

Conectiva mcrypt-devel-2.4.9-3U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mcrypt-devel-2.4.9-3U70_1 cl.i386.rpm

Conectiva mcrypt-devel-static-2.4.9-3U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mcrypt-devel-static-2.4.9 -3U70_1cl.i386.rpm

Mcrypt libmcrypt 2.5 .0

Debian libmcrypt-dev_2.5.0-1woody1_alpha.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_alpha.deb

Debian libmcrypt-dev_2.5.0-1woody1_arm.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_arm.deb

Debian libmcrypt-dev_2.5.0-1woody1_hppa.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_hppa.deb

Debian libmcrypt-dev_2.5.0-1woody1_i386.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_i386.deb

Debian libmcrypt-dev_2.5.0-1woody1_ia64.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_ia64.deb

Debian libmcrypt-dev_2.5.0-1woody1_m68k.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_m68k.deb

Debian libmcrypt-dev_2.5.0-1woody1_mips.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_mips.deb

Debian libmcrypt-dev_2.5.0-1woody1_mipsel.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_mipsel.deb

Debian libmcrypt-dev_2.5.0-1woody1_powerpc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_powerpc.deb

Debian libmcrypt-dev_2.5.0-1woody1_s390.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_s390.deb

Debian libmcrypt-dev_2.5.0-1woody1_sparc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_sparc.deb

Debian libmcrypt4_2.5.0-1woody1_alpha.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_alpha.deb

Debian libmcrypt4_2.5.0-1woody1_arm.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_arm.deb

Debian libmcrypt4_2.5.0-1woody1_hppa.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_hppa.deb

Debian libmcrypt4_2.5.0-1woody1_i386.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_i386.deb

Debian libmcrypt4_2.5.0-1woody1_ia64.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_ia64.deb

Debian libmcrypt4_2.5.0-1woody1_m68k.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_m68k.deb

Debian libmcrypt4_2.5.0-1woody1_mips.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_mips.deb

Debian libmcrypt4_2.5.0-1woody1_mipsel.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_mipsel.deb

Debian libmcrypt4_2.5.0-1woody1_powerpc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_powerpc.deb

Debian libmcrypt4_2.5.0-1woody1_s390.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_s390.deb

Debian libmcrypt4_2.5.0-1woody1_sparc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_sparc.deb

Mcrypt libmcrypt 2.5.2

Conectiva libmcrypt-2.5.2-48.i586.rpm
ftp://ul.conectiva.com.br/updates/1.0/i386/RPMS.core/libmcrypt-2.5.2-4 8.i586.rpm

Conectiva libmcrypt-devel-2.5.2-48.i586.rpm
ftp://ul.conectiva.com.br/updates/1.0/i386/RPMS.core/libmcrypt-devel-2 .5.2-48.i586.rpm

Mcrypt libmcrypt 2.5.5
http://mcrypt.hellug.gr/lib/index.html

SuSE libmcrypt-2.5.2-48.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/libmcrypt-2.5.2-4 8.i586.patch.rpm

SuSE libmcrypt-2.5.2-48.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/libmcrypt-2.5.2-4 8.i586.rpm

SuSE libmcrypt-devel-2.5.2-48.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/libmcrypt-devel-2 .5.2-48.i586.patch.rpm

SuSE libmcrypt-devel-2.5.2-48.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/libmcrypt-devel-2 .5.2-48.i586.rpm

Mcrypt libmcrypt 2.5.3

Mcrypt libmcrypt 2.5.5
http://mcrypt.hellug.gr/lib/index.html

Privacy Statement
Copyright 2008, SecurityFocus