USN-148-1: zlib vulnerability
6 July 2005
zlib vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
- Ubuntu 4.10
Software Description
Details
Tavis Ormandy discovered that zlib did not properly verify data streams. Decompressing certain invalid compressed files caused corruption of internal data structures, which caused applications which link to zlib to crash. Specially crafted input might even have allowed arbitrary code execution.
zlib is used by hundreds of server and client applications, so this vulnerability could be exploited to cause Denial of Service attacks to almost all services provided by an Ubuntu system.
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 5.04
- zlib1g
- Ubuntu 4.10
- zlib1g
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.