USN-148-1: zlib vulnerability

6 July 2005

zlib vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Tavis Ormandy discovered that zlib did not properly verify data streams. Decompressing certain invalid compressed files caused corruption of internal data structures, which caused applications which link to zlib to crash. Specially crafted input might even have allowed arbitrary code execution.

zlib is used by hundreds of server and client applications, so this vulnerability could be exploited to cause Denial of Service attacks to almost all services provided by an Ubuntu system.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
zlib1g
Ubuntu 4.10
zlib1g

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References