
UNIRAS Brief - 598/04 - Two Conectiva Security Announcements:



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 598/04 dated 27.10.04  Time: 11:50  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Two Conectiva Security Announcements:

1. CLA-2004:877 - New upstream for mozilla

2. CLA-2004:878 - zlib


Detail
====== 

1. Mozilla[1] is an open-source web browser designed for standards compliance,
performance and portability.


2. "zlib"[1] is a compression library used by several programs. This
announcement improves the correction adopted by the previous one[2] by
adding a single missing hunk to the correction's patch.
Due to a Debian bug report[3], a denial of service vulnerability[4] was
discovered in the zlib compression library versions 1.2.x, in the
inflate() and inflateBack() functions. An attacker could exploit this
vulnerability to launch a denial of service attack on any application
using the zlib library. Older versions of zlib are not affected.
 


1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- - --------------------------------------------------------------------------

PACKAGE   : mozilla
SUMMARY   : New upstream for mozilla
DATE      : 2004-10-22 16:18:00
ID        : CLA-2004:877
RELEVANT
RELEASES  : 9, 10

- - -------------------------------------------------------------------------

DESCRIPTION
 Mozilla[1] is an open-source web browser designed for standards compliance,
 performance and portability.
 
 This announcement updates mozilla packages for Conectiva Linux 9 and 10 to
 mozilla version 1.7.3. This update fixes many vulnerabilities, of which the
 most recent and important are listed below:
 
 CAN-2004-0597: multiple buffer overflows in libpng
 CAN-2004-0598: denial of service via a certain PNG image
 CAN-2004-0599: multiple integer overflows in libpng
 CAN-2004-0718: content in unrelated windows could be modified
 CAN-2004-0722: integer overflow in the SOAPParameter object constructor
 CAN-2004-0757: heap-based buffer overflow in the SendUidl of POP3 code
 CAN-2004-0758: denial-of-service with malicious SSL certificates
 CAN-2004-0759: read files via JavaScript
 CAN-2004-0760: MIME code handles %00 incorrectly
 CAN-2004-0761: spoofing of security lock icon
 CAN-2004-0763: spoofing of SSL certificates by using redirects and JavaScript
 CAN-2004-0764: hijacking the user interface via the "chrome" flag and
                XML User Interface Language (XUL) files
 CAN-2004-0765: spoofing SSL certificates due to incorrect comparison of
                hostnames
 CAN-2004-0902: Several heap based buffer overflows in Mozilla Browsers.
 CAN-2004-0903: Stack-based buffer overflow in the writeGroup function in
                vcard handling.
 CAN-2004-0904: Buffer overflow in BMP images decoding.
 CAN-2004-0905: Crossdomain scripting and possible code execution by
                javascript drag and drop.
 CAN-2004-0906: XPI Installer sets insecure permissions, allowing local
                users to overwrite files of the user.
 CAN-2004-0908: Allow untrusted javascript code to read and write to the
                clipboard.
 CAN-2004-0909: Allow remote attackers to trick the user into performing
                dangerous operations by modifying security relevant dialog
                boxes.
 
 For further information on the vulnerabilities, please refer to mozilla's
 security page, located at
 http://www.mozilla.org/projects/security/known-vulnerabilities.html


SOLUTION
 All mozilla users should upgrade their packages. Galeon users on Conectiva
 Linux 9.0 must choose another browser, because all galeon's available
 versions for this Conectiva Linux are not compatible with the new mozilla.
 
 
REFERENCES
 1. http://www.mozilla.org/


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/mozilla-1.7.3-60868U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/SRPMS/epiphany-1.2.9-60593U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/SRPMS/epiphany-extensions-1.0-60603U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libnspr-devel-1.7.3-60868U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libnspr4-1.7.3-60868U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libnss-devel-1.7.3-60868U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libnss3-1.7.3-60868U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-1.7.3-60868U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-base-1.7.3-60868U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-devel-1.7.3-60868U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-dom-inspector-1.7.3-60868U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-irc-1.7.3-60868U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-js-debugger-1.7.3-60868U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-mail-1.7.3-60868U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-psm-1.7.3-60868U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-devel-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-am-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-ar-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-az-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-be-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-bg-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-bn-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-ca-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-cs-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-cy-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-da-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-de-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-el-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-en_CA-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-en_GB-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-es-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-et-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-eu-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-fa-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-fi-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-fr-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-ga-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-gu-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-he-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-hi-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-hr-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-hu-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-id-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-is-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-it-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-ja-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-ko-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-li-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-lt-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-mi-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-mk-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-ml-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-mn-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-ms-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-nl-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-nn-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-no-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-pa-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-pl-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-pt-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-pt_BR-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-ro-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-ru-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-sk-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-sl-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-sq-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-sr-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-sv-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-ta-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-th-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-tk-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-tr-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-uk-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-vi-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-wa-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-zh_CN-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-i18n-zh_TW-1.2.9-60593U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-bg-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-ca-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-cs-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-da-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-de-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-el-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-en_GB-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-es-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-fr-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-hr-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-hu-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-it-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-ja-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-lt-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-nl-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-no-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-pa-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-pl-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-pt-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-pt_BR-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-ru-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-sk-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-sq-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-sr-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-sv-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-uk-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-wa-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/epiphany-extensions-i18n-zh_CN-1.0-60603U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/mozilla-1.7.3-27852U90_4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/task-gnomeutils-9.0-28979U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libnspr-devel-1.7.3-27852U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libnspr4-1.7.3-27852U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libnss-devel-1.7.3-27852U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libnss3-1.7.3-27852U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-1.7.3-27852U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-base-1.7.3-27852U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-devel-1.7.3-27852U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-dom-inspector-1.7.3-27852U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-irc-1.7.3-27852U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-js-debugger-1.7.3-27852U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-mail-1.7.3-27852U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-psm-1.7.3-27852U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/task-gnomeutils-9.0-28979U90_1cl.noarch.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM packages upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- - -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions on how to 
import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be found at 
http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- - -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at 
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- - -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

- - -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
unsubscribe: conectiva-updates-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFBeVh+42jd0JmAcZARAqfHAKC3tRUPrpejVdg7v+h2XKbWnu/chQCgwWpX
Q80oIzPesZTkU/Q+wN4jGME=
=mWV4
- -----END PGP SIGNATURE-----


2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- - --------------------------------------------------------------------------

PACKAGE   : zlib
SUMMARY   : Fix for denial of service vulnerabilities
DATE      : 2004-10-25 15:45:00
ID        : CLA-2004:878
RELEVANT
RELEASES  : 10

- - -------------------------------------------------------------------------

DESCRIPTION
 "zlib"[1] is a compression library used by several programs.
 
 This announcement improves the correction adopted by the previous one[2] by
 adding a single missing hunk to the correction's patch.
 
 Due to a Debian bug report[3], a denial of service vulnerability[4] was
 discovered in the zlib compression library versions 1.2.x, in the
 inflate() and inflateBack() functions. An attacker could exploit this
 vulnerability to launch a denial of service attack on any application
 using the zlib library. Older versions of zlib are not affected.


SOLUTION
 It is recommended that all Conectiva Linux users upgrade their packages.
 
 IMPORTANT: all applications linked against zlib must be restarted after the
 upgrade in order to close the vulnerabilities.
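
 One way to check the restart requirement above, as an added example that is
 not part of the Conectiva advisory: after the upgrade replaces the library on
 disk, any process still running the old code has it mapped as "(deleted)" in
 /proc/<pid>/maps. The function names and the sample tree are constructed for
 illustration; a Linux /proc layout is assumed.

```shell
#!/bin/sh
# Print the PIDs of processes that still map a libz shared object which has
# been unlinked from disk (i.e. replaced by the package upgrade).
# $1 = proc root; defaults to /proc. It is a parameter so the check can be
# exercised offline against a constructed tree.
stale_libz_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        # Skips unreadable entries and the unexpanded glob when nothing matches.
        [ -r "$maps" ] || continue
        # The kernel appends " (deleted)" to the path of an unlinked mapping.
        if grep -Eq '/libz\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Build a constructed /proc-like tree with four sample processes:
#   101, 404 -> still map the old, unlinked libz   (need a restart)
#   202      -> maps the current libz              (already restarted)
#   303      -> maps some other unlinked library   (not a zlib concern)
make_sample_proc() {
    d=$(mktemp -d) || return 1
    mkdir "$d/101" "$d/202" "$d/303" "$d/404"
    printf '%s\n' \
        '08048000-0804c000 r-xp 00000000 03:01 1234 /usr/bin/sampled' \
        '40017000-40027000 r-xp 00000000 03:01 5678 /usr/lib/libz.so.1.2.1 (deleted)' \
        > "$d/101/maps"
    printf '%s\n' \
        '08048000-0804c000 r-xp 00000000 03:01 1300 /usr/bin/othersvc' \
        '40017000-40027000 r-xp 00000000 03:01 9012 /usr/lib/libz.so.1.2.1' \
        > "$d/202/maps"
    printf '%s\n' \
        '08048000-0804c000 r-xp 00000000 03:01 1400 /usr/bin/viewer' \
        '40030000-40050000 r-xp 00000000 03:01 7777 /usr/lib/libpng.so.3 (deleted)' \
        > "$d/303/maps"
    printf '%s\n' \
        '08048000-0804c000 r-xp 00000000 03:01 1500 /usr/bin/mailer' \
        '40017000-40027000 r-xp 00000000 03:01 5678 /usr/lib/libz.so.1.2.1 (deleted)' \
        > "$d/404/maps"
    echo "$d"
}

# Demonstration on the constructed tree: lists the two stale processes.
sample=$(make_sample_proc)
stale_libz_pids "$sample"
rm -rf "$sample"
```

 Run stale_libz_pids as root with no argument to scan the live /proc. Programs
 linked statically against zlib never show up in this check and have to be
 rebuilt against the fixed library instead.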
 
 
REFERENCES
 1. http://www.gzip.org/zlib/
 2. http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000865&idioma=en
 3. http://bugs.debian.org/252253
 4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/libz1-1.2.1-47972U10_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libz1-1.2.1-47972U10_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libz-devel-1.2.1-47972U10_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libz-devel-static-1.2.1-47972U10_2cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM packages upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- - -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions on how to 
import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be found at 
http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- - -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at 
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- - -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

- - -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
unsubscribe: conectiva-updates-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFBfTvD42jd0JmAcZARAoAEAJ95uHWMprdmHU3EW+oks5G8GWUdMQCg4qCa
RodbWWBW0ulC6gQQaNzThGg=
=R+rc
- -----END PGP SIGNATURE-----




- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Conectiva for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQX99zYpao72zK539AQG8TAQAt79/s+OyfD+98xr8/K1qY7b4ZbvfHJO8
WbTn71RedV64286BoEngFZXLvRbPUc784cQ2WzwiCu4i4FvOh9ce0/lMWoxD/A6z
+ZK/5e09kAm5nIq0gZeUNsj14ZWXVATGEpDQFQxTvq90sa+Ub/EYtFo4FnuPYvUa
8Ay8cbbgWfE=
=+fax
-----END PGP SIGNATURE-----