Zlib is a general-purpose lossless data compression library that is used
by many different programs.

A previous zlib update, RHSA-2005:569 (CAN-2005-2096) fixed a flaw in zlib
that could allow a carefully crafted compressed stream to crash an
application. While the original patch corrected the reported overflow,
Markus Oberhumer discovered additional ways a stream could trigger an
overflow. An attacker could create a carefully crafted compressed stream
that would cause an application to crash if the stream is opened by a user.
As an example, an attacker could create a malicious PNG image file that
would cause a Web browser or mail viewer to crash if the image is viewed.

The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CAN-2005-1849 to this issue.

Note that the versions of zlib shipped with Red Hat Enterprise
Linux 2.1 and 3 are not vulnerable to this issue.

All users should update to these errata packages that contain a patch
from Mark Adler that corrects this issue.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | zlib-devel | < 1.2.1.2-1.2 | zlib-devel-1.2.1.2-1.2.ia64.rpm |
RedHat | any | i386 | zlib | < 1.2.1.2-1.2 | zlib-1.2.1.2-1.2.i386.rpm |
RedHat | any | ia64 | zlib | < 1.2.1.2-1.2 | zlib-1.2.1.2-1.2.ia64.rpm |
RedHat | any | i386 | zlib-devel | < 1.2.1.2-1.2 | zlib-devel-1.2.1.2-1.2.i386.rpm |
RedHat | any | x86_64 | zlib-devel | < 1.2.1.2-1.2 | zlib-devel-1.2.1.2-1.2.x86_64.rpm |
RedHat | any | src | zlib | < 1.2.1.2-1.2 | zlib-1.2.1.2-1.2.src.rpm |
RedHat | any | x86_64 | zlib | < 1.2.1.2-1.2 | zlib-1.2.1.2-1.2.x86_64.rpm |
RedHat | any | ppc64 | zlib | < 1.2.1.2-1.2 | zlib-1.2.1.2-1.2.ppc64.rpm |
RedHat | any | s390x | zlib-devel | < 1.2.1.2-1.2 | zlib-devel-1.2.1.2-1.2.s390x.rpm |
RedHat | any | ppc64 | zlib-devel | < 1.2.1.2-1.2 | zlib-devel-1.2.1.2-1.2.ppc64.rpm |
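
The table's "< 1.2.1.2-1.2" condition can be checked against a package inventory; the script below is an added example, not part of the advisory or of Red Hat's tooling. It assumes inventory lines in a `NAME VERSION-RELEASE ARCH` form, uses a simplified version comparison (no epoch, tilde or caret handling), runs on constructed sample lines, and compares versions only, so hosts on Red Hat Enterprise Linux 2.1 and 3, which the advisory says are not vulnerable, should be excluded from its input.

```python
import re

# Fixed version-release taken from the advisory's package table.
FIXED_VR = "1.2.1.2-1.2"

# Constructed sample of `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' zlib zlib-devel`
# output gathered from several hosts; illustrative lines, not real inventory data.
SAMPLE = """\
zlib 1.2.1.2-1.1 i386
zlib-devel 1.2.1.2-1.2 i386
zlib 1.2.1.2-1 ppc64
zlib 1.2.3-3 x86_64
package zlib-devel is not installed
"""

def rpm_vercmp(a, b):
    """Simplified rpmvercmp (no epoch, tilde or caret handling): returns -1, 0 or 1."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)  # separators only delimit segments
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def below_fixed(installed_vr, fixed_vr=FIXED_VR):
    """True if the installed VERSION-RELEASE sorts before the fixed one."""
    iv, ir = installed_vr.rsplit("-", 1)
    fv, fr = fixed_vr.rsplit("-", 1)
    return (rpm_vercmp(iv, fv) or rpm_vercmp(ir, fr)) < 0

def audit(rpm_output):
    """Return (name, version-release, arch) for each zlib package older than the erratum."""
    findings = []
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) != 3:                  # e.g. "package ... is not installed"
            continue
        name, vr, arch = parts
        if name in ("zlib", "zlib-devel") and below_fixed(vr):
            findings.append((name, vr, arch))
    return findings

if __name__ == "__main__":
    for name, vr, arch in audit(SAMPLE):
        print(f"{name}-{vr}.{arch} is older than {FIXED_VR}: apply the erratum")
```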