Re: [linux-security] ALERT: zlib double free bug (Debian)

[Martin Siegert <siegert@sfu.ca>]

On Mon, Mar 11, 2002 at 07:09:59PM -0800, Martin Siegert wrote:
> Topic
> =====
> double free bug in zlib may allow local and remote exploits
> *** THIS IS A HUGE PROBLEM ***

Problem Description
===================
This is the Debian version of the advisory.

The zlib vulnerability is fixed in the Debian zlib package version
1.1.3-5.1. A number of programs either link statically to zlib or include
a private copy of zlib code. These programs must also be upgraded
to eliminate the zlib vulnerability. The affected packages and fixed
versions follow:
  amaya 2.4-1potato1
  dictd 1.4.9-9potato1
  erlang 49.1-10.1
  freeamp 2.0.6-2.1
  mirrordir 0.10.48-2.1
  ppp 2.3.11-1.5
  rsync 2.3.2-1.6
  vrweb 1.5-5.1

Solution
========
Debian 2.2 (potato)
-------------------
upgrade to: amaya_2.4-1potato1_i386.deb
            dict_1.4.9-9potato1_i386.deb
            dictd_1.4.9-9potato1_i386.deb
            erlang_49.1-10.1_i386.deb
            freeamp_2.0.6-2.1_i386.deb
            libfreeamp-alsa_2.0.6-2.1_i386.deb
            libfreeamp-esound_2.0.6-2.1_i386.deb
            mirrordir_0.10.48-2.1_i386.deb
            ppp_2.3.11-1.5_i386.deb
            rsync_2.3.2-1.6_i386.deb
            vrweb_1.5-5.1_i386.deb
            zlib-bin_1.1.3-5.1_i386.deb
            zlib1-altdev_1.1.3-5.1_i386.deb
            zlib1_1.1.3-5.1_i386.deb
            zlib1g-dev_1.1.3-5.1_i386.deb
            zlib1g_1.1.3-5.1_i386.deb