Submitted by KeesCook on Wed, 2005-11-09 12:03
Referenced CVEs:
CVE-2005-1849, CVE-2005-2096
Description:
===========================================================
Ubuntu Security Notice USN-151-4 November 09, 2005
rpm vulnerability
CVE-2005-1849, CVE-2005-2096
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
lsb-rpm
The problem can be corrected by upgrading the affected package to
version 4.0.4-28ubuntu2.1 (for Ubuntu 4.10), 4.0.4-29ubuntu1.1 (for
Ubuntu 5.04), or 4.0.4-31ubuntu1.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Details follow:
USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could
be exploited to cause Denial of Service attacks or even arbitrary code
execution with malicious data streams.
Since lsb-rpm is statically linked against the zlib library, it is also
affected by these issues. The updated packages have been rebuilt
against the fixed zlib.
Please note that lsb-rpm is not officially supported (it is in the "universe"
component of the archive).
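
Because lsb-rpm carries its own statically linked copy of zlib, upgrading the shared zlib package alone does not fix it, and the same holds for any other binary built that way. The Python script below is an added example, not part of the original notice: it inventories embedded zlib copies by searching files for the version marker strings that zlib compiles in from deflate.c and inftrees.c. The function names and the sample bytes are constructed for illustration.

```python
import re
import sys

# zlib compiles these marker strings into every build, for example
# b" inflate 1.2.2 Copyright 1995-2004 Mark Adler " (from inftrees.c).
ZLIB_MARKER = re.compile(rb" (deflate|inflate) (\d+(?:\.\d+){1,3}[\w.-]*) Copyright")

# Constructed sample: a fake binary image carrying both zlib markers.
SAMPLE = (
    b"\x7fELF\x00\x00"
    b" deflate 1.2.2 Copyright 1995-2004 Jean-loup Gailly \x00"
    + b"\x00" * 16
    + b" inflate 1.2.2 Copyright 1995-2004 Mark Adler \x00"
)


def find_embedded_zlib(data: bytes):
    """Return sorted unique (component, version) pairs for zlib markers in data."""
    hits = {(m.group(1).decode(), m.group(2).decode())
            for m in ZLIB_MARKER.finditer(data)}
    return sorted(hits)


def scan_file(path, chunk_size=1 << 20, overlap=128):
    """Scan a file in chunks; the overlap keeps markers that straddle a boundary."""
    hits, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            buf = tail + chunk
            hits.update(find_embedded_zlib(buf))
            tail = buf[-overlap:]  # markers are shorter than the overlap
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python3 find_zlib.py /path/to/binary [more binaries ...]
    for path in sys.argv[1:]:
        try:
            found = scan_file(path)
        except OSError as exc:
            print(f"{path}: cannot read ({exc})")
            continue
        for component, version in found:
            print(f"{path}: embedded zlib {component} {version}")
```

A distribution-patched zlib can keep its upstream version string, so a hit identifies a copy to check against the vendor's advisory and package version rather than proving the binary is vulnerable.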


