What Are You Looking For?

Sign Up

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-25
- - ---------------------------------------------------------------------

          PACKAGE : zlib
          SUMMARY : buffer overrun
             DATE : 2003-03-28 10:50 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <1.1.4-r1 : fixed version>=1.1.4-r1
              CVE : CAN-2003-0107

- - ---------------------------------------------------------------------

- From advisory:
"zlib contains a function called gzprintf().  This is similar in
behaviour to fprintf() except that by default, this function will
smash the stack if called with arguments that expand to more than
Z_PRINTF_BUFSIZE (=4096 by default) bytes."

Read the full advisory at 


SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-libs/zlib upgrade to zlib-1.1.4-r1 as follows:

emerge sync
emerge zlib
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - ---------------------------------------------------------------------

1.1.4-r1

Gentoo: zlib stack overflow vulnerability

The function gzprintf() is similar in behaviour to fprintf() except that by default, this function will smash the stack if called with arguments that expand to more than Z_PRINTF_B...

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-25
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------

- From advisory:
"zlib contains a function called gzprintf().  This is similar in
behaviour to fprintf() except that by default, this function will
smash the stack if called with arguments that expand to more than
Z_PRINTF_BUFSIZE (=4096 by default) bytes."

Read the full advisory at 


SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-libs/zlib upgrade to zlib-1.1.4-r1 as follows:

emerge sync
emerge zlib
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - ---------------------------------------------------------------------

1.1.4-r1

Resolution

References

Availability

Concerns

Severity
PACKAGE : zlib
SUMMARY : buffer overrun
DATE : 2003-03-28 10:50 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <1.1.4-r1 : fixed version>=1.1.4-r1
CVE : CAN-2003-0107

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

Latest Release of EuroLinux Desktop – What Will We Find in Version 9.1?

Apr 2, 2023

How OpenSSF Aims to Make Log4j-Like Incidents Rare

Mar 13, 2023

4 Ways to Use Kernel Security Features for Process Monitoring

Jan 6, 2023

Proposed Linux Patch Would Allow Disabling CPU Security Mitigations At Build-Time

Feb 13, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo