Home page logo
/

bugtraq logo Bugtraq mailing list archives

[CLA-2002:469] Conectiva Linux Security Announcement - zlib
From: secure () conectiva com br
Date: Thu, 14 Mar 2002 17:27:10 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : zlib
SUMMARY   : zlib double free() vulnerability
DATE      : 2002-03-14 17:04:00
ID        : CLA-2002:469
RELEVANT
RELEASES  : 5.0, prg graficos, ecommerce, 5.1, 6.0, 7.0

- -------------------------------------------------------------------------

DESCRIPTION
 "zlib"[1] is a compression library used by hundreds of different
 programs.
 
 zlib version 1.1.3 and lower of this library have a vulnerability[5]
 which can be used by an attacker (local or remote, it depends on the
 service being targeted) to cause a Denial of Service condition in
 most cases, or, in the worst case, possibly execute arbitrary code.
 
 With a carefully crafted compressed stream of data it is possible
 to make the library attempt to free the same pointer twice, which
 will cause the affected program to exit abnormally in most cases.
 However, it has already been demonstrated[7] that a double free()
 can be used in certain conditions to execute arbitrary code.
 
 Originally reported by Steven Sawkins to the authors for the 1.1.3
 version of the library, the problem was initially not deemed a
 security vulnerability.
 
 More recently this issue was brought up again[4], this time by
 Matthias Clasen, and its security impact was realized after an
 analysis done by Owen Taylor.
 
 This update also addresses another problem[8] found by Ethan Benson
 in the rsync program. He found out that rsync fails to drop root's
 groups when switching to another uid/gid.


SOLUTION
 Several hundred programs use zlib nowadays. There are basically three
 scenarios that will have to be taken into account for this update,
 besides having to update zlib itself, of course:
 
 a) services or programs which link dinamically with zlib. In this
 case, it is enough to update zlib and, IMPORTANT, restart all these
 services after updating the library. A quick way to check for these
 services is to issue the following command as root (the lsof package
 has to be installed):
 
  lsof | grep libz
 
 The first column shown by this command will be the name of the
 process that will have to be restarted. A few examples of processes
 that would have to be restarted if they were running are openssh,
 snort, mysql and others. If there is any doubt about which processes
 will have to be restarted, then it is best to reboot the machine.
 
 b) services or programs which link to the static version of zlib.
 These programs will have to be relinked against the fixed zlib
 package in order to remove the vulnerability. Such programs in the
 distribution were recompiled and are being updated through this
 advisory. "rpm" is such a case. In other cases, such as with the
 "vnc" package, the package was modified to use the dynamic version of
 the library, but it will have to be updated anyway.
 
 c) services or programs which, for one reason or the other, include
 and use their own copy of the zlib library instead of using the
 system provided one. In this case, that specific program or service
 will have to be patched and recompiled. Examples of this situation
 are rsync, gcc and the kernel. Another solution which is possible
 with some packages is to patch them to use, from now on, the system
 dynamic version of zlib. In any case, all such programs have to be
 updated individually, just updating the system zlib is again not
 enough.
 
 A few packages are not being updated through this advisory: kernel
 and netscape. Netscape will be updated as soon as a new binary
 version is released, and the kernel will be updated shortly.
 
 With the above scenarios in mind, we recommend the following update
 procedures:
 
 - apt-get users can proceed as usual. After apt upgrades the
 necessary packages, restart the services as described in a), and also
 restart any other service that was upgraded if it was already
 running.
 
 - users with a version of the distribution which does not support
 apt-get (CL < 6.0) will have to check which of the updated packages
 are installed on their systems and then download and update those
 packages manually. As with the previous case, all zlib dependant
 services will have to be restarted. Use the procedure described in a)
 to identify the running services dinamically linked to zlib, and also
 restart any service that is provided via this update if it is already
 running.
 
 If there is any doubt about which services have to be restarted, we
 recommend to reboot the machine.
 
 
 REFERENCES
 1. http://www.zlib.org
 2. http://www.kb.cert.org/vuls/id/368819
 3. http://www.cert.org/advisories/CA-2002-07.html
 4. http://bugzilla.gnome.org/show_bug.cgi?id=70594
 5. http://www.gzip.org/zlib/advisory-2002-03-11.txt
 6. http://online.securityfocus.com/bid/4267
 7. http://online.securityfocus.com/bid/1739
 8. http://bugs.debian.org/132272


DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/zlib-1.1.3-15U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/rsync-2.4.6-5U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/cvs-1.10.8-5U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/vnc-3.3.3-6U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/rpm-3.0.4-10U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/zlib-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/zlib-devel-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/zlib-devel-static-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/rsync-2.4.6-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/cvs-1.10.8-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/cvs-doc-1.10.8-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/vnc-3.3.3-6U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/rpm-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/rpm-devel-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/rpm-python-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/zlib-1.1.3-15U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/rsync-2.4.6-5U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/cvs-1.10.8-5U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/vnc-3.3.3-6U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/rpm-3.0.4-10U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/cvs-1.10.8-5U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/zlib-1.1.3-15U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/zlib-devel-1.1.3-15U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/zlib-devel-static-1.1.3-15U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/rsync-2.4.6-5U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/cvs-doc-1.10.8-5U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/vnc-3.3.3-6U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/rpm-3.0.4-10U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/rpm-devel-3.0.4-10U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/rpm-python-3.0.4-10U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/zlib-1.1.3-15U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/rsync-2.4.6-5U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/cvs-1.10.8-5U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/vnc-3.3.3-6U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/rpm-3.0.5-45U60_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/pngcrush-1.5.4-2U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/gcc-2.95.2-10U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/XFree86-4.0.1-35U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/zlib-1.1.3-15U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rsync-2.4.6-5U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/zlib-devel-1.1.3-15U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/zlib-devel-static-1.1.3-15U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/cvs-1.10.8-5U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/cvs-doc-1.10.8-5U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/vnc-3.3.3-6U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/librpm-3.0.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/popt-1.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/popt-devel-1.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/popt-devel-static-1.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/popt-doc-1.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rpm-3.0.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rpm-build-3.0.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rpm-devel-3.0.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rpm-devel-static-3.0.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rpm-doc-3.0.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rpm2cpio-3.0.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/pngcrush-1.5.4-2U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/cpp-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gcc-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gcc-c++-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gcc-chill-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gcc-g77-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gcc-java-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gcc-objc-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libgcj-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libstdc++-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libstdc++-devel-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-devel-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-Xvfb-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-imstt-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-Server-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-libs-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-xfs-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-Xnest-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/zlib-1.1.3-15U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/rsync-2.4.6-5U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/vnc-3.3.3-6U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/gcc-2.95.3-20U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/rpm-4.0.2-28U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/pngcrush-1.5.4-2U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/zlib-1.1.3-15U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/zlib-devel-1.1.3-15U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/zlib-devel-static-1.1.3-15U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rsync-2.4.6-5U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/vnc-3.3.3-6U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/cpp-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgcj-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-c++-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-c++-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-chill-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-chill-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-g77-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-g77-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-java-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-java-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-objc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-objc-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgcj-devel-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgcj-devel-static-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgcj-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/librpm-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/librpmbuild-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libstdc++-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libstdc++-devel-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libstdc++-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/popt-1.6.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/popt-devel-1.6.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/popt-devel-static-1.6.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/popt-doc-1.6.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/python-rpm-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-build-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-devel-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-devel-static-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-doc-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm2cpio-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/pngcrush-1.5.4-2U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-xaa-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-i810-dri-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-sis-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-i128-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-dps-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-i740-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-freetype-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-fb-lowcolor-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-Xvfb-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-config-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-Xnest-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-GL-devel-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-fb-multi-depths-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-trident-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-libs-Xaw6-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-siliconmotion-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/xterm-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-Xprt-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-chips-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-tseng-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-s3virge-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-mga-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-i810-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-devel-static-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-cirrus-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-glide-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-apm-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-xie-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-devel-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-common-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-xfs-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-codeconv-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-libs-common-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-cyrix-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-misc-locales-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-vga-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-ark-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-fb-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-libs-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-savage-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-xtt-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-neomagic-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-extended-input-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-vesa-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rstart-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-tga-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-mga-dri-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-afb-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-GL-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-bench-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-twm-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-libs-Xaw-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-rendition-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-progs-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-pex5-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-xdm-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-cfb-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-manpages-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-ati-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-glint-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-Server-common-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-ati-dri-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-tdfx-dri-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-tdfx-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-proxy-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-fbdev-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-Server-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-nv-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-minimal-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-xkb-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/zlib-1.1.3-15U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/rsync-2.4.6-5U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/cvs-1.10.8-5U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/vnc-3.3.3-6U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/rpm-3.0.4-10U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/zlib-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/zlib-devel-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/zlib-devel-static-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/rsync-2.4.6-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/cvs-1.10.8-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/cvs-doc-1.10.8-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/vnc-3.3.3-6U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/rpm-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/rpm-devel-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/rpm-python-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/zlib-1.1.3-15U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/rsync-2.4.6-5U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/cvs-1.10.8-5U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/vnc-3.3.3-6U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/rpm-3.0.4-10U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/zlib-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/zlib-devel-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/zlib-devel-static-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/rsync-2.4.6-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/cvs-1.10.8-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/cvs-doc-1.10.8-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/vnc-3.3.3-6U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/rpm-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/rpm-devel-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/rpm-python-3.0.4-10U50_1cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform 
 upgrades of RPM packages:
 - add the following line to /etc/apt/sources.list if it is not there yet
   (you may also use linuxconf to do this):

 rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe () papaleguas conectiva com br
unsubscribe: conectiva-updates-unsubscribe () papaleguas conectiva com br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8kQed42jd0JmAcZARAqlzAJ4yz2Rrcb+xCICbi7WX822Dd00UGQCdEHDs
slo5GsBpOBpvOOOwgduqm5s=
=OwrD
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • [CLA-2002:469] Conectiva Linux Security Announcement - zlib secure (Mar 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault