--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-2043 Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2043 2005-02-09 ---------------------------------------------------------------------
Name : zlib Versions : fc1: zlib-1.2.0.7-2.1.legacy Summary : The zlib compression and decompression library. Description : Zlib is a general-purpose, patent-free, lossless data compression library which is used by many different programs.
--------------------------------------------------------------------- Update Information:
Zlib is a general-purpose, patent-free, lossless data compression library which is used by many different programs.
Johan Thelmen reported that a specially crafted file can cause a segmentation fault in zlib as the inflate() and inflateBack() functions do not properly handle errors. An attacker could construct a carefully crafted file that could cause a crash or possibly execute arbitrary code when opened. The specific impact depends on the application using zlib. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0797 to this issue.
Users of zlib are advised to upgrade to this errata package, which contains a backported patch correcting this issue.
--------------------------------------------------------------------- Changelogs
fc1: * Fri Nov 19 2004 Rob Myers <rob myers gtri gatech edu> 1.2.0.7-2.1.legacy - apply patch for CAN-2004-0797 (FL #2043)
--------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums)
Attachment:
signature.asc
Description: OpenPGP digital signature