______________________________________________________________________________

                Caldera International, Inc. Security Advisory

Subject:                Linux: REVISED: Double free in zlib (libz) vulnerability
Advisory number:        CSSA-2002-015.1
Issue date:             2002 April 24
Cross reference:
______________________________________________________________________________


1. Problem Description

    From CERT CA-2002-07:

    There is a bug in the zlib compression library that may manifest
    itself as a vulnerability in programs that are linked with zlib.
    This may allow an attacker to conduct a denial-of-service attack,
    gather information, or execute arbitrary code.

    This revision of the advisory adds fixes for OpenLinux 3.1.


2. Vulnerable Supported Versions

    System                        Package
    ----------------------------------------------------------------------

    OpenLinux 3.1.1 Server        prior to dump-0.4b22-5.i386.rpm
                                  prior to libz-1.1.3-12.i386.rpm
                                  prior to libz-devel-1.1.3-12.i386.rpm
                                  prior to libz-devel-static-1.1.3-12.i386.rpm
                                  prior to linux-kernel-binary-2.4.13-15S.i386.rpm
                                  prior to linux-kernel-include-2.4.13-15S.i386.rpm
                                  prior to linux-source-UserMode-2.4.13-15S.i386.rpm
                                  prior to linux-source-alpha-2.4.13-15S.i386.rpm
                                  prior to linux-source-arm-2.4.13-15S.i386.rpm
                                  prior to linux-source-common-2.4.13-15S.i386.rpm
                                  prior to linux-source-cris-2.4.13-15S.i386.rpm
                                  prior to linux-source-i386-2.4.13-15S.i386.rpm
                                  prior to linux-source-ia64-2.4.13-15S.i386.rpm
                                  prior to linux-source-m68k-2.4.13-15S.i386.rpm
                                  prior to linux-source-mips-2.4.13-15S.i386.rpm
                                  prior to linux-source-parisc-2.4.13-15S.i386.rpm
                                  prior to linux-source-ppc-2.4.13-15S.i386.rpm
                                  prior to linux-source-s390-2.4.13-15S.i386.rpm
                                  prior to linux-source-sparc-2.4.13-15S.i386.rpm
                                  prior to linux-source-superH-2.4.13-15S.i386.rpm
                                  prior to rpm-3.0.6-9.i386.rpm
                                  prior to rpm-devel-3.0.6-9.i386.rpm
                                  prior to rsync-2.5.0-5.i386.rpm

    OpenLinux 3.1.1 Workstation   prior to dump-0.4b22-5.i386.rpm
                                  prior to libz-1.1.3-12.i386.rpm
                                  prior to libz-devel-1.1.3-12.i386.rpm
                                  prior to libz-devel-static-1.1.3-12.i386.rpm
                                  prior to linux-kernel-binary-2.4.13-15D.i386.rpm
                                  prior to linux-kernel-include-2.4.13-15D.i386.rpm
                                  prior to linux-source-UserMode-2.4.13-15D.i386.rpm
                                  prior to linux-source-alpha-2.4.13-15D.i386.rpm
                                  prior to linux-source-arm-2.4.13-15D.i386.rpm
                                  prior to linux-source-common-2.4.13-15D.i386.rpm
                                  prior to linux-source-cris-2.4.13-15D.i386.rpm
                                  prior to linux-source-i386-2.4.13-15D.i386.rpm
                                  prior to linux-source-ia64-2.4.13-15D.i386.rpm
                                  prior to linux-source-m68k-2.4.13-15D.i386.rpm
                                  prior to linux-source-mips-2.4.13-15D.i386.rpm
                                  prior to linux-source-parisc-2.4.13-15D.i386.rpm
                                  prior to linux-source-ppc-2.4.13-15D.i386.rpm
                                  prior to linux-source-s390-2.4.13-15D.i386.rpm
                                  prior to linux-source-sparc-2.4.13-15D.i386.rpm
                                  prior to linux-source-superH-2.4.13-15D.i386.rpm
                                  prior to rpm-3.0.6-9.i386.rpm
                                  prior to rpm-devel-3.0.6-9.i386.rpm
                                  prior to rsync-2.5.0-5.i386.rpm

    OpenLinux 3.1 Server          prior to dump-0.4b22-5.i386.rpm
                                  prior to kernel-addon-modules-2.4.13-2S.i386.rpm
                                  prior to libz-1.1.3-12.i386.rpm
                                  prior to libz-devel-1.1.3-12.i386.rpm
                                  prior to libz-devel-static-1.1.3-12.i386.rpm
                                  prior to linux-kernel-binary-2.4.13-15.1S.i386.rpm
                                  prior to linux-kernel-include-2.4.13-15.1S.i386.rpm
                                  prior to linux-source-UserMode-2.4.13-15.1S.i386.rpm
                                  prior to linux-source-alpha-2.4.13-15.1S.i386.rpm
                                  prior to linux-source-arm-2.4.13-15.1S.i386.rpm
                                  prior to linux-source-common-2.4.13-15.1S.i386.rpm
                                  prior to linux-source-cris-2.4.13-15.1S.i386.rpm
                                  prior to linux-source-i386-2.4.13-15.1S.i386.rpm
                                  prior to linux-source-ia64-2.4.13-15.1S.i386.rpm
                                  prior to linux-source-m68k-2.4.13-15.1S.i386.rpm
                                  prior to linux-source-mips-2.4.13-15.1S.i386.rpm
                                  prior to linux-source-parisc-2.4.13-15.1S.i386.rpm
                                  prior to linux-source-ppc-2.4.13-15.1S.i386.rpm
                                  prior to linux-source-s390-2.4.13-15.1S.i386.rpm
                                  prior to linux-source-sparc-2.4.13-15.1S.i386.rpm
                                  prior to linux-source-superH-2.4.13-15.1S.i386.rpm
                                  prior to rpm-3.0.6-9.i386.rpm
                                  prior to rpm-devel-3.0.6-9.i386.rpm
                                  prior to rsync-2.5.0-5.i386.rpm

    OpenLinux 3.1 Workstation     prior to dump-0.4b22-5.i386.rpm
                                  prior to kernel-addon-modules-2.4.13-2D.i386.rpm
                                  prior to libz-1.1.3-12.i386.rpm
                                  prior to libz-devel-1.1.3-12.i386.rpm
                                  prior to libz-devel-static-1.1.3-12.i386.rpm
                                  prior to linux-kernel-binary-2.4.13-15.1D.i386.rpm
                                  prior to linux-kernel-include-2.4.13-15.1D.i386.rpm
                                  prior to linux-source-UserMode-2.4.13-15.1D.i386.rpm
                                  prior to linux-source-alpha-2.4.13-15.1D.i386.rpm
                                  prior to linux-source-arm-2.4.13-15.1D.i386.rpm
                                  prior to linux-source-common-2.4.13-15.1D.i386.rpm
                                  prior to linux-source-cris-2.4.13-15.1D.i386.rpm
                                  prior to linux-source-i386-2.4.13-15.1D.i386.rpm
                                  prior to linux-source-ia64-2.4.13-15.1D.i386.rpm
                                  prior to linux-source-m68k-2.4.13-15.1D.i386.rpm
                                  prior to linux-source-mips-2.4.13-15.1D.i386.rpm
                                  prior to linux-source-parisc-2.4.13-15.1D.i386.rpm
                                  prior to linux-source-ppc-2.4.13-15.1D.i386.rpm
                                  prior to linux-source-s390-2.4.13-15.1D.i386.rpm
                                  prior to linux-source-sparc-2.4.13-15.1D.i386.rpm
                                  prior to linux-source-superH-2.4.13-15.1D.i386.rpm
                                  prior to rpm-3.0.6-9.i386.rpm
                                  prior to rpm-devel-3.0.6-9.i386.rpm
                                  prior to rsync-2.5.0-5.i386.rpm


3. Solution

    The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

    4.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

    4.2 Packages

        dump-0.4b22-5.i386.rpm
        libz-1.1.3-12.i386.rpm
        libz-devel-1.1.3-12.i386.rpm
        libz-devel-static-1.1.3-12.i386.rpm
        linux-kernel-binary-2.4.13-15S.i386.rpm
        linux-kernel-include-2.4.13-15S.i386.rpm
        linux-source-UserMode-2.4.13-15S.i386.rpm
        linux-source-alpha-2.4.13-15S.i386.rpm
        linux-source-arm-2.4.13-15S.i386.rpm
        linux-source-common-2.4.13-15S.i386.rpm
        linux-source-cris-2.4.13-15S.i386.rpm
        linux-source-i386-2.4.13-15S.i386.rpm
        linux-source-ia64-2.4.13-15S.i386.rpm
        linux-source-m68k-2.4.13-15S.i386.rpm
        linux-source-mips-2.4.13-15S.i386.rpm
        linux-source-parisc-2.4.13-15S.i386.rpm
        linux-source-ppc-2.4.13-15S.i386.rpm
        linux-source-s390-2.4.13-15S.i386.rpm
        linux-source-sparc-2.4.13-15S.i386.rpm
        linux-source-superH-2.4.13-15S.i386.rpm
        rpm-3.0.6-9.i386.rpm
        rpm-devel-3.0.6-9.i386.rpm
        rsync-2.5.0-5.i386.rpm

    4.3 Installation

        rpm -Fvh libz-1.1.3-12.i386.rpm
        rpm -Fvh dump-0.4b22-5.i386.rpm
        rpm -Fvh libz-devel-1.1.3-12.i386.rpm
        rpm -Fvh libz-devel-static-1.1.3-12.i386.rpm
        rpm -Fvh linux-kernel-binary-2.4.13-15S.i386.rpm
        rpm -Fvh linux-kernel-include-2.4.13-15S.i386.rpm
        rpm -Fvh linux-source-UserMode-2.4.13-15S.i386.rpm
        rpm -Fvh linux-source-alpha-2.4.13-15S.i386.rpm
        rpm -Fvh linux-source-arm-2.4.13-15S.i386.rpm
        rpm -Fvh linux-source-common-2.4.13-15S.i386.rpm
        rpm -Fvh linux-source-cris-2.4.13-15S.i386.rpm
        rpm -Fvh linux-source-i386-2.4.13-15S.i386.rpm
        rpm -Fvh linux-source-ia64-2.4.13-15S.i386.rpm
        rpm -Fvh linux-source-m68k-2.4.13-15S.i386.rpm
        rpm -Fvh linux-source-mips-2.4.13-15S.i386.rpm
        rpm -Fvh linux-source-parisc-2.4.13-15S.i386.rpm
        rpm -Fvh linux-source-ppc-2.4.13-15S.i386.rpm
        rpm -Fvh linux-source-s390-2.4.13-15S.i386.rpm
        rpm -Fvh linux-source-sparc-2.4.13-15S.i386.rpm
        rpm -Fvh linux-source-superH-2.4.13-15S.i386.rpm
        rpm -Fvh rpm-3.0.6-9.i386.rpm
        rpm -Fvh rpm-devel-3.0.6-9.i386.rpm
        rpm -Fvh rsync-2.5.0-5.i386.rpm

    4.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

    4.5 Source Packages

        dump-0.4b22-5.src.rpm
        libz-1.1.3-12.src.rpm
        linux-2.4.13-15.src.rpm
        rpm-3.0.6-9.src.rpm
        rsync-2.5.0-5.src.rpm


5. OpenLinux 3.1.1 Workstation

    5.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

    5.2 Packages

        dump-0.4b22-5.i386.rpm
        libz-1.1.3-12.i386.rpm
        libz-devel-1.1.3-12.i386.rpm
        libz-devel-static-1.1.3-12.i386.rpm
        linux-kernel-binary-2.4.13-15D.i386.rpm
        linux-kernel-include-2.4.13-15D.i386.rpm
        linux-source-UserMode-2.4.13-15D.i386.rpm
        linux-source-alpha-2.4.13-15D.i386.rpm
        linux-source-arm-2.4.13-15D.i386.rpm
        linux-source-common-2.4.13-15D.i386.rpm
        linux-source-cris-2.4.13-15D.i386.rpm
        linux-source-i386-2.4.13-15D.i386.rpm
        linux-source-ia64-2.4.13-15D.i386.rpm
        linux-source-m68k-2.4.13-15D.i386.rpm
        linux-source-mips-2.4.13-15D.i386.rpm
        linux-source-parisc-2.4.13-15D.i386.rpm
        linux-source-ppc-2.4.13-15D.i386.rpm
        linux-source-s390-2.4.13-15D.i386.rpm
        linux-source-sparc-2.4.13-15D.i386.rpm
        linux-source-superH-2.4.13-15D.i386.rpm
        rpm-3.0.6-9.i386.rpm
        rpm-devel-3.0.6-9.i386.rpm
        rsync-2.5.0-5.i386.rpm

    5.3 Installation

        rpm -Fvh libz-1.1.3-12.i386.rpm
        rpm -Fvh dump-0.4b22-5.i386.rpm
        rpm -Fvh libz-devel-1.1.3-12.i386.rpm
        rpm -Fvh libz-devel-static-1.1.3-12.i386.rpm
        rpm -Fvh linux-kernel-binary-2.4.13-15D.i386.rpm
        rpm -Fvh linux-kernel-include-2.4.13-15D.i386.rpm
        rpm -Fvh linux-source-UserMode-2.4.13-15D.i386.rpm
        rpm -Fvh linux-source-alpha-2.4.13-15D.i386.rpm
        rpm -Fvh linux-source-arm-2.4.13-15D.i386.rpm
        rpm -Fvh linux-source-common-2.4.13-15D.i386.rpm
        rpm -Fvh linux-source-cris-2.4.13-15D.i386.rpm
        rpm -Fvh linux-source-i386-2.4.13-15D.i386.rpm
        rpm -Fvh linux-source-ia64-2.4.13-15D.i386.rpm
        rpm -Fvh linux-source-m68k-2.4.13-15D.i386.rpm
        rpm -Fvh linux-source-mips-2.4.13-15D.i386.rpm
        rpm -Fvh linux-source-parisc-2.4.13-15D.i386.rpm
        rpm -Fvh linux-source-ppc-2.4.13-15D.i386.rpm
        rpm -Fvh linux-source-s390-2.4.13-15D.i386.rpm
        rpm -Fvh linux-source-sparc-2.4.13-15D.i386.rpm
        rpm -Fvh linux-source-superH-2.4.13-15D.i386.rpm
        rpm -Fvh rpm-3.0.6-9.i386.rpm
        rpm -Fvh rpm-devel-3.0.6-9.i386.rpm
        rpm -Fvh rsync-2.5.0-5.i386.rpm

    5.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

    5.5 Source Packages

        dump-0.4b22-5.src.rpm
        libz-1.1.3-12.src.rpm
        linux-2.4.13-15.src.rpm
        rpm-3.0.6-9.src.rpm
        rsync-2.5.0-5.src.rpm


6. OpenLinux 3.1 Server

    6.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

    6.2 Packages

        dump-0.4b22-5.i386.rpm
        kernel-addon-modules-2.4.13-2S.i386.rpm
        libz-1.1.3-12.i386.rpm
        libz-devel-1.1.3-12.i386.rpm
        libz-devel-static-1.1.3-12.i386.rpm
        linux-kernel-binary-2.4.13-15.1S.i386.rpm
        linux-kernel-include-2.4.13-15.1S.i386.rpm
        linux-source-UserMode-2.4.13-15.1S.i386.rpm
        linux-source-alpha-2.4.13-15.1S.i386.rpm
        linux-source-arm-2.4.13-15.1S.i386.rpm
        linux-source-common-2.4.13-15.1S.i386.rpm
        linux-source-cris-2.4.13-15.1S.i386.rpm
        linux-source-i386-2.4.13-15.1S.i386.rpm
        linux-source-ia64-2.4.13-15.1S.i386.rpm
        linux-source-m68k-2.4.13-15.1S.i386.rpm
        linux-source-mips-2.4.13-15.1S.i386.rpm
        linux-source-parisc-2.4.13-15.1S.i386.rpm
        linux-source-ppc-2.4.13-15.1S.i386.rpm
        linux-source-s390-2.4.13-15.1S.i386.rpm
        linux-source-sparc-2.4.13-15.1S.i386.rpm
        linux-source-superH-2.4.13-15.1S.i386.rpm
        rpm-3.0.6-9.i386.rpm
        rpm-devel-3.0.6-9.i386.rpm
        rsync-2.5.0-5.i386.rpm

    6.3 Installation

        rpm -Fvh libz-1.1.3-12.i386.rpm
        rpm -Fvh dump-0.4b22-5.i386.rpm
        rpm -Fvh kernel-addon-modules-2.4.13-2S.i386.rpm
        rpm -Fvh libz-devel-1.1.3-12.i386.rpm
        rpm -Fvh libz-devel-static-1.1.3-12.i386.rpm
        rpm -Fvh linux-kernel-binary-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-kernel-include-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-source-UserMode-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-source-alpha-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-source-arm-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-source-common-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-source-cris-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-source-i386-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-source-ia64-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-source-m68k-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-source-mips-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-source-parisc-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-source-ppc-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-source-s390-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-source-sparc-2.4.13-15.1S.i386.rpm
        rpm -Fvh linux-source-superH-2.4.13-15.1S.i386.rpm
        rpm -Fvh rpm-3.0.6-9.i386.rpm
        rpm -Fvh rpm-devel-3.0.6-9.i386.rpm
        rpm -Fvh rsync-2.5.0-5.i386.rpm

    6.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

    6.5 Source Packages

        dump-0.4b22-5.src.rpm
        kernel-addon-2.4.13-2.src.rpm
        libz-1.1.3-12.src.rpm
        linux-2.4.13-15.1.src.rpm
        rpm-3.0.6-9.src.rpm
        rsync-2.5.0-5.src.rpm


7. OpenLinux 3.1 Workstation

    7.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

    7.2 Packages

        dump-0.4b22-5.i386.rpm
        kernel-addon-modules-2.4.13-2D.i386.rpm
        libz-1.1.3-12.i386.rpm
        libz-devel-1.1.3-12.i386.rpm
        libz-devel-static-1.1.3-12.i386.rpm
        linux-kernel-binary-2.4.13-15.1D.i386.rpm
        linux-kernel-include-2.4.13-15.1D.i386.rpm
        linux-source-UserMode-2.4.13-15.1D.i386.rpm
        linux-source-alpha-2.4.13-15.1D.i386.rpm
        linux-source-arm-2.4.13-15.1D.i386.rpm
        linux-source-common-2.4.13-15.1D.i386.rpm
        linux-source-cris-2.4.13-15.1D.i386.rpm
        linux-source-i386-2.4.13-15.1D.i386.rpm
        linux-source-ia64-2.4.13-15.1D.i386.rpm
        linux-source-m68k-2.4.13-15.1D.i386.rpm
        linux-source-mips-2.4.13-15.1D.i386.rpm
        linux-source-parisc-2.4.13-15.1D.i386.rpm
        linux-source-ppc-2.4.13-15.1D.i386.rpm
        linux-source-s390-2.4.13-15.1D.i386.rpm
        linux-source-sparc-2.4.13-15.1D.i386.rpm
        linux-source-superH-2.4.13-15.1D.i386.rpm
        rpm-3.0.6-9.i386.rpm
        rpm-devel-3.0.6-9.i386.rpm
        rsync-2.5.0-5.i386.rpm

    7.3 Installation

        rpm -Fvh libz-1.1.3-12.i386.rpm
        rpm -Fvh dump-0.4b22-5.i386.rpm
        rpm -Fvh kernel-addon-modules-2.4.13-2D.i386.rpm
        rpm -Fvh libz-devel-1.1.3-12.i386.rpm
        rpm -Fvh libz-devel-static-1.1.3-12.i386.rpm
        rpm -Fvh linux-kernel-binary-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-kernel-include-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-source-UserMode-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-source-alpha-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-source-arm-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-source-common-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-source-cris-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-source-i386-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-source-ia64-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-source-m68k-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-source-mips-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-source-parisc-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-source-ppc-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-source-s390-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-source-sparc-2.4.13-15.1D.i386.rpm
        rpm -Fvh linux-source-superH-2.4.13-15.1D.i386.rpm
        rpm -Fvh rpm-3.0.6-9.i386.rpm
        rpm -Fvh rpm-devel-3.0.6-9.i386.rpm
        rpm -Fvh rsync-2.5.0-5.i386.rpm

    7.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

    7.5 Source Packages

        dump-0.4b22-5.src.rpm
        kernel-addon-2.4.13-2.src.rpm
        libz-1.1.3-12.src.rpm
        linux-2.4.13-15.1.src.rpm
        rpm-3.0.6-9.src.rpm
        rsync-2.5.0-5.src.rpm


8. References

    Specific references for this advisory:

        http://www.cert.org/advisories/CA-2002-07.html
        http://www.gzip.org/zlib/advisory-2002-03-11.txt

    Caldera OpenLinux security resources:

        http://www.caldera.com/support/security/index.html

    Caldera UNIX security resources:

        http://stage.caldera.com/support/security/

    This security fix closes Caldera incidents sr860749, fz520215,
    and erg711966.


9. Disclaimer

    Caldera International, Inc. is not responsible for the misuse of
    any of the information we provide on this website and/or through
    our security advisories. Our advisories are a service to our
    customers intended to promote secure installation and use of
    Caldera products.


10. Acknowledgements

    Owen Taylor announced this on February 6, 2002, after Matthias
    Clasen found an invalid PNG file crashing zlib.

______________________________________________________________________________