Red Hat Product Errata RHSA-2005:569 - Security Advisory

Issued:: 2005-07-06
Updated:: 2005-07-06

RHSA-2005:569 - Security Advisory

Overview
Updated Packages

Synopsis

zlib security update

Type/Severity

Security Advisory: Important

Topic

Updated Zlib packages that fix a buffer overflow are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

Zlib is a general-purpose lossless data compression library which is used
by many different programs.

Tavis Ormandy discovered a buffer overflow affecting Zlib version 1.2 and
above. An attacker could create a carefully crafted compressed stream that
would cause an application to crash if the stream is opened by a user. As
an example, an attacker could create a malicious PNG image file which would
cause a web browser or mail viewer to crash if the image is viewed. The
Common Vulnerabilities and Exposures project assigned the name
CAN-2005-2096 to this issue.

Please note that the versions of Zlib as shipped with Red Hat Enterprise
Linux 2.1 and 3 are not vulnerable to this issue.

All users should update to these erratum packages which contain a patch
from Mark Adler which corrects this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

(none)

CVEs

CVE-2005-2096

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
zlib-1.2.1.2-1.1.src.rpm	SHA-256: ee5db501b9ec58e76989d117b9abf7a860a7c2e3da7e34bf2f18ec03bdcd0e67
x86_64
zlib-1.2.1.2-1.1.i386.rpm	SHA-256: e9e38d8ad9eb17b97dc4457d30b1c2dd72529b95341ec0689a6f74326c75b57a
zlib-1.2.1.2-1.1.i386.rpm	SHA-256: e9e38d8ad9eb17b97dc4457d30b1c2dd72529b95341ec0689a6f74326c75b57a
zlib-1.2.1.2-1.1.x86_64.rpm	SHA-256: 8d0fd822d0a164dae84ffb458ffa773cacc3a1fcf41d19eb1b6bc4ecf2e393fa
zlib-1.2.1.2-1.1.x86_64.rpm	SHA-256: 8d0fd822d0a164dae84ffb458ffa773cacc3a1fcf41d19eb1b6bc4ecf2e393fa
zlib-devel-1.2.1.2-1.1.i386.rpm	SHA-256: 30ec95336d1926b03f7a27428d8719c3ad7a54bfab151a1913be2c9010ce1607
zlib-devel-1.2.1.2-1.1.i386.rpm	SHA-256: 30ec95336d1926b03f7a27428d8719c3ad7a54bfab151a1913be2c9010ce1607
zlib-devel-1.2.1.2-1.1.x86_64.rpm	SHA-256: b72f81596d37c27ed1affd707da3b801132f336593fc84b7df5594924e086011
zlib-devel-1.2.1.2-1.1.x86_64.rpm	SHA-256: b72f81596d37c27ed1affd707da3b801132f336593fc84b7df5594924e086011
ia64
zlib-1.2.1.2-1.1.i386.rpm	SHA-256: e9e38d8ad9eb17b97dc4457d30b1c2dd72529b95341ec0689a6f74326c75b57a
zlib-1.2.1.2-1.1.i386.rpm	SHA-256: e9e38d8ad9eb17b97dc4457d30b1c2dd72529b95341ec0689a6f74326c75b57a
zlib-1.2.1.2-1.1.ia64.rpm	SHA-256: 8f261d018aa561adc1a5fd3d2731710d316d2a4bd50bec38d54ba679872540fb
zlib-1.2.1.2-1.1.ia64.rpm	SHA-256: 8f261d018aa561adc1a5fd3d2731710d316d2a4bd50bec38d54ba679872540fb
zlib-devel-1.2.1.2-1.1.ia64.rpm	SHA-256: 26f69757f9463083ec6ac4e51c4d5da7d0375f8714193f474a74d21126efa67c
zlib-devel-1.2.1.2-1.1.ia64.rpm	SHA-256: 26f69757f9463083ec6ac4e51c4d5da7d0375f8714193f474a74d21126efa67c
i386
zlib-1.2.1.2-1.1.i386.rpm	SHA-256: e9e38d8ad9eb17b97dc4457d30b1c2dd72529b95341ec0689a6f74326c75b57a
zlib-1.2.1.2-1.1.i386.rpm	SHA-256: e9e38d8ad9eb17b97dc4457d30b1c2dd72529b95341ec0689a6f74326c75b57a
zlib-devel-1.2.1.2-1.1.i386.rpm	SHA-256: 30ec95336d1926b03f7a27428d8719c3ad7a54bfab151a1913be2c9010ce1607
zlib-devel-1.2.1.2-1.1.i386.rpm	SHA-256: 30ec95336d1926b03f7a27428d8719c3ad7a54bfab151a1913be2c9010ce1607

Red Hat Enterprise Linux Workstation 4

SRPM
zlib-1.2.1.2-1.1.src.rpm	SHA-256: ee5db501b9ec58e76989d117b9abf7a860a7c2e3da7e34bf2f18ec03bdcd0e67
x86_64
zlib-1.2.1.2-1.1.i386.rpm	SHA-256: e9e38d8ad9eb17b97dc4457d30b1c2dd72529b95341ec0689a6f74326c75b57a
zlib-1.2.1.2-1.1.x86_64.rpm	SHA-256: 8d0fd822d0a164dae84ffb458ffa773cacc3a1fcf41d19eb1b6bc4ecf2e393fa
zlib-devel-1.2.1.2-1.1.i386.rpm	SHA-256: 30ec95336d1926b03f7a27428d8719c3ad7a54bfab151a1913be2c9010ce1607
zlib-devel-1.2.1.2-1.1.x86_64.rpm	SHA-256: b72f81596d37c27ed1affd707da3b801132f336593fc84b7df5594924e086011
ia64
zlib-1.2.1.2-1.1.i386.rpm	SHA-256: e9e38d8ad9eb17b97dc4457d30b1c2dd72529b95341ec0689a6f74326c75b57a
zlib-1.2.1.2-1.1.ia64.rpm	SHA-256: 8f261d018aa561adc1a5fd3d2731710d316d2a4bd50bec38d54ba679872540fb
zlib-devel-1.2.1.2-1.1.ia64.rpm	SHA-256: 26f69757f9463083ec6ac4e51c4d5da7d0375f8714193f474a74d21126efa67c
i386
zlib-1.2.1.2-1.1.i386.rpm	SHA-256: e9e38d8ad9eb17b97dc4457d30b1c2dd72529b95341ec0689a6f74326c75b57a
zlib-devel-1.2.1.2-1.1.i386.rpm	SHA-256: 30ec95336d1926b03f7a27428d8719c3ad7a54bfab151a1913be2c9010ce1607

Red Hat Enterprise Linux Desktop 4

SRPM
zlib-1.2.1.2-1.1.src.rpm	SHA-256: ee5db501b9ec58e76989d117b9abf7a860a7c2e3da7e34bf2f18ec03bdcd0e67
x86_64
zlib-1.2.1.2-1.1.i386.rpm	SHA-256: e9e38d8ad9eb17b97dc4457d30b1c2dd72529b95341ec0689a6f74326c75b57a
zlib-1.2.1.2-1.1.x86_64.rpm	SHA-256: 8d0fd822d0a164dae84ffb458ffa773cacc3a1fcf41d19eb1b6bc4ecf2e393fa
zlib-devel-1.2.1.2-1.1.i386.rpm	SHA-256: 30ec95336d1926b03f7a27428d8719c3ad7a54bfab151a1913be2c9010ce1607
zlib-devel-1.2.1.2-1.1.x86_64.rpm	SHA-256: b72f81596d37c27ed1affd707da3b801132f336593fc84b7df5594924e086011
i386
zlib-1.2.1.2-1.1.i386.rpm	SHA-256: e9e38d8ad9eb17b97dc4457d30b1c2dd72529b95341ec0689a6f74326c75b57a
zlib-devel-1.2.1.2-1.1.i386.rpm	SHA-256: 30ec95336d1926b03f7a27428d8719c3ad7a54bfab151a1913be2c9010ce1607

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
zlib-1.2.1.2-1.1.src.rpm	SHA-256: ee5db501b9ec58e76989d117b9abf7a860a7c2e3da7e34bf2f18ec03bdcd0e67
s390x
zlib-1.2.1.2-1.1.s390.rpm	SHA-256: 09dc62cd25d4f6f15856fb0d061cccabe3ccb5d3a96bdeec580534606d11cd73
zlib-1.2.1.2-1.1.s390x.rpm	SHA-256: 09dd97e17bfc5e838a142434dfd41500efa5a521138e82331f59623b3e74befb
zlib-devel-1.2.1.2-1.1.s390.rpm	SHA-256: e4139ed3d8f45b048dff2eb1bfd508ffc212c9da31255a64f322ecfc41069133
zlib-devel-1.2.1.2-1.1.s390x.rpm	SHA-256: 6b3602cb2c3b31d9cb620b36ef4c53e20c9004e72797f91d1da284a13c7292e0
s390
zlib-1.2.1.2-1.1.s390.rpm	SHA-256: 09dc62cd25d4f6f15856fb0d061cccabe3ccb5d3a96bdeec580534606d11cd73
zlib-devel-1.2.1.2-1.1.s390.rpm	SHA-256: e4139ed3d8f45b048dff2eb1bfd508ffc212c9da31255a64f322ecfc41069133

Red Hat Enterprise Linux for Power, big endian 4

SRPM
zlib-1.2.1.2-1.1.src.rpm	SHA-256: ee5db501b9ec58e76989d117b9abf7a860a7c2e3da7e34bf2f18ec03bdcd0e67
ppc
zlib-1.2.1.2-1.1.ppc.rpm	SHA-256: 1253b782feb91e4385487dc5503730e328e0b29d7ebc71d210a4a5736d61e503
zlib-1.2.1.2-1.1.ppc64.rpm	SHA-256: 09162df3944eca4c75b8bbf11c6030364213bd84fd02d407f1721e9ec8202fda
zlib-devel-1.2.1.2-1.1.ppc.rpm	SHA-256: 4c5229c8787c2992b0a47d3edf605855f9eede148c33f56526746ec2089ec945
zlib-devel-1.2.1.2-1.1.ppc64.rpm	SHA-256: 0ef87a5255372da8942a93c38ad318bd4d1ea494b8ffb78d78adf0f66ad613e7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories