Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: August 31, 2005 Updated: August 31, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Updated: October 05, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
From the CVS version 1.12.13 NEWS file: CVS now uses version 1.2.3 of the ZLib compression libraries in order to avoid two recently announced security vulnerabilities in them. Both may be used for denial of service attacks and one may reportedly allow execution of arbitrary code, though this is not confirmed. Please see the CERT vulnerabilities advisories #238678
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 13, 2005
Not Affected
Foundry is not vulnerable to this DoS vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
FreeBSD 5.3 and FreeBSD 5.4 are affected by this issue. It was addressed in the security advisory FreeBSD-SA-05:16.zlib, which provides instructions on how to correct the problem.
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 FreeBSD-SA-05:16.zlib Security Advisory
The FreeBSD Project Topic: Buffer overflow in zlib Category: core
Module: libz
Announced: 2005-07-06
Credits: Tavis Ormandy
Affects: FreeBSD 5.3, FreeBSD 5.4
Corrected: 2005-07-06 14:01:11 UTC (RELENG_5, 5.4-STABLE)
2005-07-06 14:01:30 UTC (RELENG_5_4, 5.4-RELEASE-p4)
2005-07-06 14:01:52 UTC (RELENG_5_3, 5.3-RELEASE-p18)
CVE Name: CAN-2005-2096 For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Updated: July 13, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see http://www.gentoo.org/security/en/glsa/glsa-200507-05.xml
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: August 09, 2005
Unknown
The AIX operating system is not vulnerable to the issues discussed in Vulnerability Note VU#680620. However, zlib is available for installation on AIX via the AIX Toolbox for Linux. These items are shipped "as is" and are unwarranted. A patched version of the zlib library can be downloaded from: ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/zlib/zlib-1.2.2-4.aix5.1.ppc.rpm
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 22, 2005
Not Affected
Juniper Networks products are not susceptible to this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Affected
Mandriva has released updated packages to correct the zlib vulnerability. For more information view the MDKSA-2005:112 advisory. http://www.mandriva.com/security/advisories?name=MDKSA-2005:112
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 12, 2005
Not Affected
Our initial investigation has revealed that currently supported versions of Microsoft Windows are not at risk from this vulnerability. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through our monthly release process or an out-of-cycle security update, depending on customer needs.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NetBSD Security Note 20050708-1 Topic: NetBSD base system not vulnerable to zlib overflow pkgsrc did provide vulnerable versions A zlib buffer overflow has been announced. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2096 The NetBSD Security Officer team was aware of this issue, and would like to reassure users that the NetBSD base system is not vulnerable. The bug was introduced in changes to zlib after 1.1.4, the latest version supplied in the base install of NetBSD. The vulnerable version, 1.2.2 has been available from pkgsrc. Users of the audit-packages tool will already have noticed that version is marked as vulnerable, and the 1.2.2nb1 update addresses the issue. Other pkgsrc users are encouraged to update devel/zlib to 1.2.2nb1, as well as to take advantage of the security/audit-packages infrastructure. Thanks To Tavis Ormandy Colin Percival Mark Adler Matthias Drochner Matthias Scheler More Information Information about NetBSD and NetBSD security can be found at http://www.NetBSD.org/ and http://www.NetBSD.org/Security/. Copyright 2005, The NetBSD Foundation, Inc. All Rights Reserved. Redistribution permitted only in full, unmodified form. $NetBSD: NetBSD-SN20050708-1.txt,v 1.1 2005/07/08 15:54:11 david Exp $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (NetBSD) iQCVAwUBQs6+TD5Ru2/4N2IFAQI9HAQAvT7R6nDbr+xDroAXYkZrs2zdI9gkIStc UswbbKNP1G8D90h4nIKrXtvNyG+e4squRtawLB06Fylu+OkielUWeTPIzzwmef0V qWqWBxg1EWM2WigyDS/SmA6lrQt+dgJ4bfX0IiwakBItdM6v5yScB9svI4qi0aNl n8+PU7IvbGU= =PWU8 -----END PGP SIGNATURE-----
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 12, 2005
Not Affected
Openwall GNU/*/Linux (Owl) has never used a version of zlib affected by this vulnerability. We're currently using zlib 1.1.4.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Affected
Vendor statement; Red Hat: This issue affected Red Hat Enterprise Linux 4. Updated packages were made available on July 6th along with our advisory at the URL below. Red Hat Enterprise Linux 2.1 and 3 were not affected by this issue as they shipped a version of zlib not affected by this issue. http://rhn.redhat.com/errata/RHSA-2005-569.html Vendor statement; Fedora Project: Updated zlib packages are available for Fedora Core 3 and Fedora Core 4: http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00017.html http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00016.html
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 12, 2005
Not Affected
Please refer to the following URL: English http://www.turbolinux.com/security/2005/TLSA-2005-77.txt Japanese http://www.turbolinux.co.jp/security/2005/TLSA-2005-77j.txt Other products are "Not Vulnerable".
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Turbolinux Security Advisory TLSA-2005-77
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp Original released date: 11 Jul 2005
Last revised: 11 Jul 2005 Package: zlib Summary: Buffer overflow More information: Zlib is a widely used compression and decompression library. A buffer overflow vulnerability exists in zlib. Impact: The zlib allows attackers to cause a denial of service via a crafted file. Affected Products: - Turbolinux 10 Server Solution: Please use the turbopkg (zabom) tool to apply the update. # turbopkg
or
# zabom -u zlib zlib-devel
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 06, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: July 11, 2005 Updated: July 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.