RHSA-2003:081 - Security Advisory

Topic

Updated zlib packages that fix a buffer overflow vulnerability are now
available.

Description

Zlib is a general-purpose, patent-free, lossless data compression
library that is used by many different programs.

The function gzprintf within zlib, when called with a string longer than
Z_PRINTF_BUFZISE (= 4096 bytes), can overflow without giving a warning.

zlib-1.1.4 and earlier exhibit this behavior. There are no known exploits
of the gzprintf overrun, and only a few programs, including rpm2html
and gimp-print, are known to use the gzprintf function.

The problem has been fixed by checking the length of the output string
within gzprintf.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Please note that this update is available via Red Hat Network. To use Red
Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

• Red Hat Enterprise Linux Server 2 ia64
• Red Hat Enterprise Linux Server 2 i386
• Red Hat Enterprise Linux Workstation 2 ia64
• Red Hat Enterprise Linux Workstation 2 i386

Fixes

CVEs

• CVE-2003-0107

References

(none)