USN-151-4: rpm vulnerability

9 November 2005

rpm vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10
  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams.

Since lsb-rpm is statically linked against the zlib library, it is also affected by these issues. The updated packagages have been rebuilt against the fixed zlib.

Please note that lsb-rpm is not officially supported (it is in the “universe” component of the archive).

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
lsb-rpm
Ubuntu 5.04
lsb-rpm
Ubuntu 4.10
lsb-rpm

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References