SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Zlib Vendors:   [Multiple Authors/Vendors]
(Conectiva Issues Fix) Re: 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code
SecurityTracker Alert ID:  1003826
SecurityTracker URL:  http://securitytracker.com/id/1003826
CVE Reference:   CVE-2002-0059   (Links to External Site)
Date:  Mar 15 2002
Impact:   Denial of service via network, Execution of arbitrary code via local system, Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.1.3
Description:   A vulnerability was reported in the zlib shared library, a widely used library that provides in-memory compress and decompression functions. A remote user could cause programs using this library to crash or to execute arbitrary code on the system.

It is reported that certain types of input will cause zlib to free the same area of memory twice (i.e., perform a "double free"), resulting in a buffer overflow condition when expanding compressed input. A remote user can cause programs that process untrusted user-supplied compressed input to crash or potentially execute arbitrary code on the system.

It is reported that web browsers or email programs that display image attachments or other programs that uncompress data may be particularly affected.

It is reported that Matthias Clasen <maclas@gmx.de> and Owen Taylor <otaylor@redhat.com> discovered this bug.

Impact:   A remote user can cause affected programs that use zlib to process untrusted user-supplied compressed input to crash or potentially execute arbitrary code on the system.
Solution:   Conectiva has issued a fix for a variety of applications that use zlib. See the Source Message for some important information regarding these fixes.

Conectiva notes that the kernel and netscape are not addressed in this alert. Netscape will be updated as soon as a new binary version is released, and the kernel will be updated shortly.

See the Source Message for the locations of the fixes.

Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not there yet
(you may also use linuxconf to do this):

rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

- run: apt-get update
- after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

Vendor URL:  www.gzip.org/zlib/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Conectiva)
Underlying OS Comments:  5.0, prg graficos, ecommerce, 5.1, 6.0, 7.0

Message History:   This archive entry is a follow-up to the message listed below.
Mar 11 2002 'zlib' Shared Compression Library Contains 'Double Free()' Buffer Overflow That Lets Remote Users Cause Programs Using zlib to Crash or Execute Arbitrary Code



 Source Message Contents

Subject:  [CLA-2002:469] Conectiva Linux Security Announcement - zlib


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : zlib
SUMMARY   : zlib double free() vulnerability
DATE      : 2002-03-14 17:04:00
ID        : CLA-2002:469
RELEVANT
RELEASES  : 5.0, prg graficos, ecommerce, 5.1, 6.0, 7.0

- -------------------------------------------------------------------------

DESCRIPTION
 "zlib"[1] is a compression library used by hundreds of different
 programs.
 
 zlib version 1.1.3 and lower of this library have a vulnerability[5]
 which can be used by an attacker (local or remote, it depends on the
 service being targeted) to cause a Denial of Service condition in
 most cases, or, in the worst case, possibly execute arbitrary code.
 
 With a carefully crafted compressed stream of data it is possible
 to make the library attempt to free the same pointer twice, which
 will cause the affected program to exit abnormally in most cases.
 However, it has already been demonstrated[7] that a double free()
 can be used in certain conditions to execute arbitrary code.
 
 Originally reported by Steven Sawkins to the authors for the 1.1.3
 version of the library, the problem was initially not deemed a
 security vulnerability.
 
 More recently this issue was brought up again[4], this time by
 Matthias Clasen, and its security impact was realized after an
 analysis done by Owen Taylor.
 
 This update also addresses another problem[8] found by Ethan Benson
 in the rsync program. He found out that rsync fails to drop root's
 groups when switching to another uid/gid.


SOLUTION
 Several hundred programs use zlib nowadays. There are basically three
 scenarios that will have to be taken into account for this update,
 besides having to update zlib itself, of course:
 
 a) services or programs which link dinamically with zlib. In this
 case, it is enough to update zlib and, IMPORTANT, restart all these
 services after updating the library. A quick way to check for these
 services is to issue the following command as root (the lsof package
 has to be installed):
 
  lsof | grep libz
 
 The first column shown by this command will be the name of the
 process that will have to be restarted. A few examples of processes
 that would have to be restarted if they were running are openssh,
 snort, mysql and others. If there is any doubt about which processes
 will have to be restarted, then it is best to reboot the machine.
 
 b) services or programs which link to the static version of zlib.
 These programs will have to be relinked against the fixed zlib
 package in order to remove the vulnerability. Such programs in the
 distribution were recompiled and are being updated through this
 advisory. "rpm" is such a case. In other cases, such as with the
 "vnc" package, the package was modified to use the dynamic version of
 the library, but it will have to be updated anyway.
 
 c) services or programs which, for one reason or the other, include
 and use their own copy of the zlib library instead of using the
 system provided one. In this case, that specific program or service
 will have to be patched and recompiled. Examples of this situation
 are rsync, gcc and the kernel. Another solution which is possible
 with some packages is to patch them to use, from now on, the system
 dynamic version of zlib. In any case, all such programs have to be
 updated individually, just updating the system zlib is again not
 enough.
 
 A few packages are not being updated through this advisory: kernel
 and netscape. Netscape will be updated as soon as a new binary
 version is released, and the kernel will be updated shortly.
 
 With the above scenarios in mind, we recommend the following update
 procedures:
 
 - apt-get users can proceed as usual. After apt upgrades the
 necessary packages, restart the services as described in a), and also
 restart any other service that was upgraded if it was already
 running.
 
 - users with a version of the distribution which does not support
 apt-get (CL < 6.0) will have to check which of the updated packages
 are installed on their systems and then download and update those
 packages manually. As with the previous case, all zlib dependant
 services will have to be restarted. Use the procedure described in a)
 to identify the running services dinamically linked to zlib, and also
 restart any service that is provided via this update if it is already
 running.
 
 If there is any doubt about which services have to be restarted, we
 recommend to reboot the machine.
 
 
 REFERENCES
 1. http://www.zlib.org
 2. http://www.kb.cert.org/vuls/id/368819
 3. http://www.cert.org/advisories/CA-2002-07.html
 4. http://bugzilla.gnome.org/show_bug.cgi?id=70594
 5. http://www.gzip.org/zlib/advisory-2002-03-11.txt
 6. http://online.securityfocus.com/bid/4267
 7. http://online.securityfocus.com/bid/1739
 8. http://bugs.debian.org/132272


DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/zlib-1.1.3-15U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/rsync-2.4.6-5U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/cvs-1.10.8-5U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/vnc-3.3.3-6U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/rpm-3.0.4-10U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/zlib-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/zlib-devel-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/zlib-devel-static-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/rsync-2.4.6-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/cvs-1.10.8-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/cvs-doc-1.10.8-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/vnc-3.3.3-6U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/rpm-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/rpm-devel-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/rpm-python-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/zlib-1.1.3-15U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/rsync-2.4.6-5U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/cvs-1.10.8-5U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/vnc-3.3.3-6U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/rpm-3.0.4-10U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/cvs-1.10.8-5U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/zlib-1.1.3-15U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/zlib-devel-1.1.3-15U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/zlib-devel-static-1.1.3-15U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/rsync-2.4.6-5U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/cvs-doc-1.10.8-5U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/vnc-3.3.3-6U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/rpm-3.0.4-10U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/rpm-devel-3.0.4-10U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/rpm-python-3.0.4-10U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/zlib-1.1.3-15U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/rsync-2.4.6-5U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/cvs-1.10.8-5U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/vnc-3.3.3-6U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/rpm-3.0.5-45U60_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/pngcrush-1.5.4-2U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/gcc-2.95.2-10U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/XFree86-4.0.1-35U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/zlib-1.1.3-15U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rsync-2.4.6-5U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/zlib-devel-1.1.3-15U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/zlib-devel-static-1.1.3-15U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/cvs-1.10.8-5U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/cvs-doc-1.10.8-5U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/vnc-3.3.3-6U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/librpm-3.0.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/popt-1.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/popt-devel-1.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/popt-devel-static-1.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/popt-doc-1.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rpm-3.0.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rpm-build-3.0.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rpm-devel-3.0.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rpm-devel-static-3.0.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rpm-doc-3.0.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rpm2cpio-3.0.5-45U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/pngcrush-1.5.4-2U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/cpp-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gcc-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gcc-c++-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gcc-chill-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gcc-g77-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gcc-java-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gcc-objc-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libgcj-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libstdc++-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libstdc++-devel-2.95.2-10U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-devel-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-Xvfb-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-imstt-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-Server-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-libs-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-xfs-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/XFree86-Xnest-4.0.1-35U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/zlib-1.1.3-15U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/rsync-2.4.6-5U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/vnc-3.3.3-6U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/gcc-2.95.3-20U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/rpm-4.0.2-28U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/pngcrush-1.5.4-2U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/zlib-1.1.3-15U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/zlib-devel-1.1.3-15U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/zlib-devel-static-1.1.3-15U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rsync-2.4.6-5U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/vnc-3.3.3-6U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/cpp-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgcj-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-c++-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-c++-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-chill-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-chill-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-g77-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-g77-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-java-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-java-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-objc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/gcc-objc-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgcj-devel-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgcj-devel-static-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgcj-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/librpm-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/librpmbuild-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libstdc++-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libstdc++-devel-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libstdc++-doc-2.95.3-20U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/popt-1.6.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/popt-devel-1.6.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/popt-devel-static-1.6.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/popt-doc-1.6.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/python-rpm-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-build-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-devel-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-devel-static-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-doc-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm2cpio-4.0.2-28U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/pngcrush-1.5.4-2U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-xaa-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-i810-dri-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-sis-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-i128-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-dps-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-i740-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-freetype-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-fb-lowcolor-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-Xvfb-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-config-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-Xnest-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-GL-devel-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-fb-multi-depths-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-trident-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-libs-Xaw6-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-siliconmotion-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/xterm-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-Xprt-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-chips-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-tseng-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-s3virge-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-mga-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-i810-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-devel-static-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-cirrus-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-glide-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-apm-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-xie-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-devel-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-common-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-xfs-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-codeconv-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-libs-common-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-cyrix-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-misc-locales-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-vga-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-ark-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-fb-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-libs-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-savage-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-xtt-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-neomagic-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-extended-input-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-vesa-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rstart-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-tga-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-mga-dri-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-afb-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-GL-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-bench-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-twm-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-libs-Xaw-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-rendition-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-progs-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-pex5-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-xdm-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-modules-cfb-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-manpages-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-ati-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-glint-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-Server-common-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-ati-dri-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-tdfx-dri-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-tdfx-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-proxy-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-fbdev-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-Server-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-nv-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-minimal-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/XFree86-xkb-4.0.3-26U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/zlib-1.1.3-15U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/rsync-2.4.6-5U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/cvs-1.10.8-5U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/vnc-3.3.3-6U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/rpm-3.0.4-10U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/zlib-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/zlib-devel-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/zlib-devel-static-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/rsync-2.4.6-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/cvs-1.10.8-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/cvs-doc-1.10.8-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/vnc-3.3.3-6U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/rpm-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/rpm-devel-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/rpm-python-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/zlib-1.1.3-15U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/rsync-2.4.6-5U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/cvs-1.10.8-5U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/vnc-3.3.3-6U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/rpm-3.0.4-10U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/zlib-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/zlib-devel-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/zlib-devel-static-1.1.3-15U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/rsync-2.4.6-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/cvs-1.10.8-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/cvs-doc-1.10.8-5U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/vnc-3.3.3-6U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/rpm-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/rpm-devel-3.0.4-10U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/rpm-python-3.0.4-10U50_1cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform 
 upgrades of RPM packages:
 - add the following line to /etc/apt/sources.list if it is not there yet
   (you may also use linuxconf to do this):

 rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8kQed42jd0JmAcZARAqlzAJ4yz2Rrcb+xCICbi7WX822Dd00UGQCdEHDs
slo5GsBpOBpvOOOwgduqm5s=
=OwrD
-----END PGP SIGNATURE-----


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC