diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-05:16.zlib.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-05:16.zlib.asc | 103 |
1 files changed, 0 insertions, 103 deletions
diff --git a/share/security/advisories/FreeBSD-SA-05:16.zlib.asc b/share/security/advisories/FreeBSD-SA-05:16.zlib.asc deleted file mode 100644 index c26c38197b..0000000000 --- a/share/security/advisories/FreeBSD-SA-05:16.zlib.asc +++ /dev/null @@ -1,103 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -============================================================================= -FreeBSD-SA-05:16.zlib Security Advisory - The FreeBSD Project - -Topic: Buffer overflow in zlib - -Category: core -Module: libz -Announced: 2005-07-06 -Credits: Tavis Ormandy -Affects: FreeBSD 5.3, FreeBSD 5.4 -Corrected: 2005-07-06 14:01:11 UTC (RELENG_5, 5.4-STABLE) - 2005-07-06 14:01:30 UTC (RELENG_5_4, 5.4-RELEASE-p4) - 2005-07-06 14:01:52 UTC (RELENG_5_3, 5.3-RELEASE-p18) -CVE Name: CAN-2005-2096 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit -<URL:http://www.freebsd.org/security/>. - -I. Background - -zlib is a compression library used by numerous applications to provide -data compression/decompression routines. - -II. Problem Description - -An error in the handling of corrupt compressed data streams can result -in a buffer being overflowed. - -III. Impact - -By carefully crafting a corrupt compressed data stream, an attacker can -overwrite data structures in a zlib-using application. This may cause -the application to halt, causing a denial of service; or it may result -in the attacker gaining elevated privileges. - -IV. Workaround - -No workaround is available. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4 or -RELENG_5_3 security branch dated after the correction date. - -2) To patch your present system: - -The following patch has been verified to apply to FreeBSD 5.3 and 5.4 -systems. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch -# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch.asc - -b) Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch -# cd /usr/src/lib/libz/ -# make obj && make depend && make && make install - -VI. Correction details - -The following list contains the revision numbers of each file that was -corrected in FreeBSD. - -Branch Revision - Path -- ------------------------------------------------------------------------- -RELENG_5 - src/lib/libz/inftrees.c 1.4.2.2 -RELENG_5_4 - src/UPDATING 1.342.2.24.2.13 - src/sys/conf/newvers.sh 1.62.2.18.2.9 - src/lib/libz/inftrees.c 1.4.6.1 -RELENG_5_3 - src/UPDATING 1.342.2.13.2.21 - src/sys/conf/newvers.sh 1.62.2.15.2.23 - src/lib/libz/inftrees.c 1.4.4.1 -- ------------------------------------------------------------------------- - -VII. References - -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 - -The latest revision of this advisory is available at -ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.1 (FreeBSD) - -iD8DBQFCy+TYFdaIBMps37IRAqB2AJ4j+wdqj1zJJZdTjskufo7rrsHhcwCgi0SZ -wXRUgGbgl/DtNzyvHi7t/bc= -=anun ------END PGP SIGNATURE----- |