Security Linux News for Mar 12, 2002
Red Hat Security Advisory: Vulnerability in zlib library (powertools) (Mar 12, 2002, 01:24)
"The following details apply to the Powertools distribution
only; for packages included with the main Red Hat Linux
distribution please see advisory RHSA-2002:026."
Red Hat Security Advisory: zlib (Mar 12, 2002, 01:17)
"Additionally, if you have any programs that you have compiled
yourself, you should check to see if they use zlib. If they link to
the shared zlib library then they will not be vulnerable once the
shared zlib library is updated to the errata package. However, if
any programs that decompress arbitrary data statically link to zlib
or use their own version of the zlib code internally, then they
need to be patched or recompiled."
SuSE Security Announcement: packages containing libz/zlib (Mar 12, 2002, 01:13)
This is the second announcement in the tandem-announcement about
libz/zlib: packages that link dynamically against the
system-provided compression library and packages that contain the
compression library in their own source distribution.
SuSE Security Announcement: libz/zlib (Mar 12, 2002, 01:11)
"An error in a decompression routine can corrupt the internal
data structures of malloc by a double call to the free() function.
If the data processed by the compression library is provided from
an untrusted source, it may be possible for an attacker to
interfere with the process using the zlib routines."
Debian Security Advisory: zlib, various (Mar 12, 2002, 00:40)
"The zlib vulnerability is fixed in the Debian zlib package
version 1.1.3-5.1. A number of programs either link statically to
zlib or include a private copy of zlib code. These programs must
also be upgraded to eliminate the zlib vulnerability. The affected
packages and fixed versions follow..."