CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Debian Security Advisory DSA 797-2 [email protected]
http://www.debian.org/security/ Michael Stone
September 28th, 2005 http://www.debian.org/security/faq
Package : zsync
Vulnerability : DOS
Problem-Type : buffer overflow
Debian-specific: no
CVE ID : CAN-2005-1849, CAN-2005-2096
zsync, a file transfer program, includes a modified local copy of
the zlib library, and is vulnerable to certain bugs fixed previously
in the zlib package.
There was a build error for the sarge i386 proftpd packages released in
DSA 797-1. A new build, zsync_0.3.3-1.sarge.1.2, has been prepared to
correct this error. The packages for other architectures are unaffected.
Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1.2_i386.deb
Size/MD5 checksum: 94516 bb4ff605c6e3b94f23dd0986ca55e450
These files will probably be moved into the stable distribution on
its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
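
The advisory lists a size and MD5 for the i386 package so that a file fetched with wget can be checked before it is passed to dpkg -i. The script below is an added example, not part of the advisory: the function names are hypothetical, and the demo runs the advisory's checksum line against a constructed stand-in file, which it is expected to reject.

```sh
#!/bin/sh
# Added example (not from the advisory): check a downloaded .deb against the
# advisory's "Size/MD5 checksum" line before running dpkg -i.
# Function names are hypothetical.

# Print "SIZE MD5" parsed from a checksum line; print nothing if malformed.
parse_checksum_line() {
    printf '%s\n' "$1" | sed -n \
        's|^ *Size/MD5 checksum: *\([0-9][0-9]*\) \{1,\}\([0-9a-fA-F]\{32\}\) *$|\1 \2|p'
}

# verify_deb FILE SIZE MD5 -> 0 on match, 1 on mismatch, 2 if FILE is missing.
verify_deb() {
    vd_file=$1
    vd_size=$2
    vd_md5=$(printf '%s' "$3" | tr 'A-F' 'a-f')   # accept upper-case hex
    [ -f "$vd_file" ] || { echo "missing: $vd_file" >&2; return 2; }
    # Size first: cheap, and it catches truncated downloads.
    vd_have=$(wc -c < "$vd_file" | tr -d ' ')
    if [ "$vd_have" != "$vd_size" ]; then
        echo "size mismatch: got $vd_have, expected $vd_size" >&2
        return 1
    fi
    vd_have=$(md5sum < "$vd_file" | cut -d' ' -f1)
    if [ "$vd_have" != "$vd_md5" ]; then
        echo "MD5 mismatch: got $vd_have, expected $vd_md5" >&2
        return 1
    fi
}

# check_download LINE FILE -> verify_deb's status, or 3 if LINE is malformed.
check_download() {
    cd_parsed=$(parse_checksum_line "$1")
    [ -n "$cd_parsed" ] || { echo "unparseable checksum line" >&2; return 3; }
    verify_deb "$2" "${cd_parsed% *}" "${cd_parsed#* }"
}

# Demo: the advisory's checksum line against a constructed stand-in file
# (not the real package), which must be rejected.
demo_line='Size/MD5 checksum: 94516 bb4ff605c6e3b94f23dd0986ca55e450'
demo_file=$(mktemp)
printf 'constructed stand-in, not a real .deb\n' > "$demo_file"
if check_download "$demo_line" "$demo_file" 2>/dev/null; then
    echo "verified: safe to pass to dpkg -i"
else
    echo "rejected: do not install"
fi
rm -f "$demo_file"
```
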
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 3.1 | s390 | zlib1g | < 1.2.2-4.sarge.1 | zlib1g_1.2.2-4.sarge.1_s390.deb |
Debian | 3.1 | i386 | zlib1g | < 1.2.2-4.sarge.1 | zlib1g_1.2.2-4.sarge.1_i386.deb |
Debian | 3.1 | sparc | zsync | < 0.3.3-1.sarge.1 | zsync_0.3.3-1.sarge.1_sparc.deb |
Debian | 3.1 | ia64 | zlib-bin | < 1.2.2-4.sarge.2 | zlib-bin_1.2.2-4.sarge.2_ia64.deb |
Debian | 3.1 | alpha | zsync | < 0.3.3-1.sarge.1 | zsync_0.3.3-1.sarge.1_alpha.deb |
Debian | 3.1 | amd64 | sash | < 3.7-5sarge1 | sash_3.7-5sarge1_amd64.deb |
Debian | 3.1 | powerpc | zlib-bin | < 1.2.2-4.sarge.2 | zlib-bin_1.2.2-4.sarge.2_powerpc.deb |
Debian | 3.1 | ia64 | zlib1g-udeb | < 1.2.2-4.sarge.2 | zlib1g-udeb_1.2.2-4.sarge.2_ia64.deb |
Debian | 3.1 | sparc | zlib1g-dev | < 1.2.2-4.sarge.2 | zlib1g-dev_1.2.2-4.sarge.2_sparc.deb |
Debian | 3.1 | hppa | zlib1g-dev | < 1.2.2-4.sarge.2 | zlib1g-dev_1.2.2-4.sarge.2_hppa.deb |