| Revision Date: | 2005-07-21 | Version: | 502 |
| Title: | RHSA-2005:584: zlib security update (Important) |
| Description: | Zlib is a general-purpose lossless data compression library that is used by many different programs.
A previous zlib update, RHSA-2005:569 (CAN-2005-2096) fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger an overflow. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file that would cause a Web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-1849 to this issue.
Note that the versions of zlib shipped with Red Hat Enterprise Linux 2.1 and 3 are not vulnerable to this issue.
All users should update to these errata packages that contain a patch from Mark Adler that corrects this issue.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2005-1849
RHSA-2005:584-01
|
| Platform(s): | Red Hat Enterprise Linux 4
| Product(s): | |
| Definition Synopsis |
| Red Hat Enterprise Linux 4 is installed AND Package Information
zlib is earlier than 0:1.2.1.2-1.2
AND zlib is signed with Red Hat master key
OR
zlib-devel is earlier than 0:1.2.1.2-1.2
AND zlib-devel is signed with Red Hat master key
|