Security Advisory zlib security update

Advisory: RHSA-2005:584-07
Type: Security Advisory
Severity: Important
Issued on: 2005-07-21
Last updated on: 2005-07-21
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2005-1849

Details

Updated zlib packages that fix a buffer overflow are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Zlib is a general-purpose lossless data compression library that is used
by many different programs.

A previous zlib update, RHSA-2005:569 (CAN-2005-2096) fixed a flaw in zlib
that could allow a carefully crafted compressed stream to crash an
application. While the original patch corrected the reported overflow,
Markus Oberhumer discovered additional ways a stream could trigger an
overflow. An attacker could create a carefully crafted compressed stream
that would cause an application to crash if the stream is opened by a user.
As an example, an attacker could create a malicious PNG image file that
would cause a Web browser or mail viewer to crash if the image is viewed.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CAN-2005-1849 to this issue.

Note that the versions of zlib shipped with Red Hat Enterprise
Linux 2.1 and 3 are not vulnerable to this issue.

All users should update to these errata packages that contain a patch
from Mark Adler that corrects this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
zlib-1.2.1.2-1.2.src.rpm     53285b12c3dd5df4124d06fb883babad
 
IA-32:
zlib-1.2.1.2-1.2.i386.rpm     30f929114a8ea2b081ce351d3d246d28
zlib-devel-1.2.1.2-1.2.i386.rpm     bf96769c3fb67abb62f3bc4d0b0a0d5e
 
x86_64:
zlib-1.2.1.2-1.2.i386.rpm     30f929114a8ea2b081ce351d3d246d28
zlib-1.2.1.2-1.2.x86_64.rpm     2888c31cba9b579a69c08fb52a6464b3
zlib-devel-1.2.1.2-1.2.i386.rpm     bf96769c3fb67abb62f3bc4d0b0a0d5e
zlib-devel-1.2.1.2-1.2.x86_64.rpm     9c789749e4d9a8e051f884cc29f307aa
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
zlib-1.2.1.2-1.2.src.rpm     53285b12c3dd5df4124d06fb883babad
 
IA-32:
zlib-1.2.1.2-1.2.i386.rpm     30f929114a8ea2b081ce351d3d246d28
zlib-devel-1.2.1.2-1.2.i386.rpm     bf96769c3fb67abb62f3bc4d0b0a0d5e
 
IA-64:
zlib-1.2.1.2-1.2.i386.rpm     30f929114a8ea2b081ce351d3d246d28
zlib-1.2.1.2-1.2.ia64.rpm     1312f81b44238af7a12e6d129c2a4214
zlib-devel-1.2.1.2-1.2.ia64.rpm     8c33f481ebacb03cd7e4a14260ca99fe
 
PPC:
zlib-1.2.1.2-1.2.ppc.rpm     d9cd4122eccc130ec2a6d7c64444c3b9
zlib-1.2.1.2-1.2.ppc64.rpm     c2191b6f367b068c5aadad73bbf22c5c
zlib-devel-1.2.1.2-1.2.ppc.rpm     961c16ee93912237b347328f73fa3c9b
zlib-devel-1.2.1.2-1.2.ppc64.rpm     235b2aec2af9595771b10218ec467635
 
s390:
zlib-1.2.1.2-1.2.s390.rpm     7efc2375f317b93d57d360cd4ac5a296
zlib-devel-1.2.1.2-1.2.s390.rpm     942b1745f31f9719a6c0a8d5c7fef689
 
s390x:
zlib-1.2.1.2-1.2.s390.rpm     7efc2375f317b93d57d360cd4ac5a296
zlib-1.2.1.2-1.2.s390x.rpm     2fddcbebe2083e23a16353719f241c44
zlib-devel-1.2.1.2-1.2.s390.rpm     942b1745f31f9719a6c0a8d5c7fef689
zlib-devel-1.2.1.2-1.2.s390x.rpm     6797b66922691f00c5f6c1454c2522fe
 
x86_64:
zlib-1.2.1.2-1.2.i386.rpm     30f929114a8ea2b081ce351d3d246d28
zlib-1.2.1.2-1.2.x86_64.rpm     2888c31cba9b579a69c08fb52a6464b3
zlib-devel-1.2.1.2-1.2.i386.rpm     bf96769c3fb67abb62f3bc4d0b0a0d5e
zlib-devel-1.2.1.2-1.2.x86_64.rpm     9c789749e4d9a8e051f884cc29f307aa
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
zlib-1.2.1.2-1.2.src.rpm     53285b12c3dd5df4124d06fb883babad
 
IA-32:
zlib-1.2.1.2-1.2.i386.rpm     30f929114a8ea2b081ce351d3d246d28
zlib-devel-1.2.1.2-1.2.i386.rpm     bf96769c3fb67abb62f3bc4d0b0a0d5e
 
IA-64:
zlib-1.2.1.2-1.2.i386.rpm     30f929114a8ea2b081ce351d3d246d28
zlib-1.2.1.2-1.2.ia64.rpm     1312f81b44238af7a12e6d129c2a4214
zlib-devel-1.2.1.2-1.2.ia64.rpm     8c33f481ebacb03cd7e4a14260ca99fe
 
x86_64:
zlib-1.2.1.2-1.2.i386.rpm     30f929114a8ea2b081ce351d3d246d28
zlib-1.2.1.2-1.2.x86_64.rpm     2888c31cba9b579a69c08fb52a6464b3
zlib-devel-1.2.1.2-1.2.i386.rpm     bf96769c3fb67abb62f3bc4d0b0a0d5e
zlib-devel-1.2.1.2-1.2.x86_64.rpm     9c789749e4d9a8e051f884cc29f307aa
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
zlib-1.2.1.2-1.2.src.rpm     53285b12c3dd5df4124d06fb883babad
 
IA-32:
zlib-1.2.1.2-1.2.i386.rpm     30f929114a8ea2b081ce351d3d246d28
zlib-devel-1.2.1.2-1.2.i386.rpm     bf96769c3fb67abb62f3bc4d0b0a0d5e
 
IA-64:
zlib-1.2.1.2-1.2.i386.rpm     30f929114a8ea2b081ce351d3d246d28
zlib-1.2.1.2-1.2.ia64.rpm     1312f81b44238af7a12e6d129c2a4214
zlib-devel-1.2.1.2-1.2.ia64.rpm     8c33f481ebacb03cd7e4a14260ca99fe
 
x86_64:
zlib-1.2.1.2-1.2.i386.rpm     30f929114a8ea2b081ce351d3d246d28
zlib-1.2.1.2-1.2.x86_64.rpm     2888c31cba9b579a69c08fb52a6464b3
zlib-devel-1.2.1.2-1.2.i386.rpm     bf96769c3fb67abb62f3bc4d0b0a0d5e
zlib-devel-1.2.1.2-1.2.x86_64.rpm     9c789749e4d9a8e051f884cc29f307aa
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

163037 - CAN-2005-1849 zlib buffer overflow


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1849

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/