Conectiva Linux Advisory: zlibOct 26, 2004, 16:44 (0 Talkback[s])
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : zlib
This announcement improves the correction adopted by the previous one by adding a single missing hunk to the correction's patch.
Due to a Debian bug report, a denial of service vulnerability was discovered in the zlib compression library versions 1.2.x, in the inflate() and inflateBack() functions. An attacker could exploit this vulnerability to launch a denial of service attack on any application using the zlib library. Older versions of zlib are not affected.
IMPORTANT: all applications linked against zlib must be restarted after the upgrade in order to close the vulnerabilities.
Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at
Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en
Copyright (c) 2004 Conectiva Inc.
0 Talkback[s] (click to add your comment)