Mandrake Linux Security Advisory : zlib (MDKSA-2003:033)
High Nessus Plugin ID 14017
Synopsis
The remote Mandrake Linux host is missing one or more security updates.

Description
Richard Kettlewell discovered a buffer overflow vulnerability in the zlib library's gzprintf() function. This can be used by attackers to cause a denial of service or possibly even the execution of arbitrary code. Our thanks to the OpenPKG team for providing a patch which adds the necessary configure script checks to always use the secure vsnprintf(3) and snprintf(3) functions, and which additionally adjusts the code to correctly take into account the return value of vsnprintf(3) and snprintf(3).

Solution
Update the affected packages.
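
The Description names two parts to the fix: bounded formatting with vsnprintf(3), and acting on its return value. The following added example (not zlib's or OpenPKG's code) shows both in a printf-style writer with a fixed staging buffer; `struct sink`, `sink_printf` and `STAGE_SIZE` are hypothetical names, and the inputs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define STAGE_SIZE 64            /* constructed size for the staging buffer */

/* Hypothetical output sink standing in for a stream being written to. */
struct sink {
    char   data[256];
    size_t used;
};

/*
 * Format into a fixed staging buffer, then append to the sink.
 * Returns the number of bytes appended, or 0 if nothing was written.
 *
 * The unchecked pattern this replaces is vsprintf(stage, fmt, ap), which
 * writes past stage[] whenever the formatted text needs more than
 * STAGE_SIZE - 1 bytes.
 */
static int sink_printf(struct sink *s, const char *fmt, ...)
{
    char stage[STAGE_SIZE];
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(stage, sizeof(stage), fmt, ap);   /* bounded write */
    va_end(ap);

    if (len < 0)                          /* formatting error */
        return 0;
    if ((size_t)len >= sizeof(stage))     /* C99: length that WOULD have been */
        return 0;                         /* written; >= size means truncated */
    if ((size_t)len > sizeof(s->data) - s->used)      /* sink has no room */
        return 0;

    memcpy(s->data + s->used, stage, (size_t)len);
    s->used += (size_t)len;
    return len;
}

int main(void)
{
    struct sink s = { {0}, 0 };
    printf("%d\n", sink_printf(&s, "user=%s id=%d", "alice", 42));
    printf("%d\n", sink_printf(&s, "%0100d", 7));     /* 100 chars: rejected */
    return 0;
}
```

Bounding the write alone prevents the overflow; the return-value check is what keeps a silently truncated record from being emitted as if it were complete.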