Support / Sécurité / Annonces de sécurité / Corporate Server 1.0.1 / MDKSA-2002:022

Nom du paquet: zlib
Date: 2002-03-12
Advisory ID: MDKSA-2002:022
Affected versions: 8.1 i586 , SNF7.2 i586 , CS1.0 i586 , 8.1 i586 , 8.0 i586 , 8.0 i586 , 7.1 i586 , 7.2 i586

Problem description

Matthias Clasen found a security issue in zlib that, when provided with certain input, causes zlib to free an area of memory twice. This "double free" bug can be used to crash any programs that take untrusted compressed input, such as web browsers, email clients, image viewing software, etc. This vulnerability can be used to perform Denial of Service attacks and, quite possibly, the execution of arbitrary code on the affected system. MandrakeSoft has published two advisories concerning this incident: MDKSA-2002:022 - zlib MDKSA-2002:023 - packages containing zlib The second advisory contains additional packages that bring their own copies of the zlib source, and as such need to be fixed and rebuilt. Updating the zlib library is sufficient to protect those programs that use the system zlib, but the packages as noted in MDKSA-2002:023 will need to be updated for those packages that do not use the system zlib.

Updated packages

8.1 i586

 c25baf28293b0619fad97c863e953103  ia64/8.1/RPMS/zlib1-1.1.3-16.1mdk.ia64.rpm
10000858776526410b0d3526f1157909  ia64/8.1/RPMS/zlib1-devel-1.1.3-16.1mdk.ia64.rpm
582b5dd80b2ff9f24ed274fbc82c5c19  ia64/8.1/SRPMS/zlib-1.1.3-16.1mdk.src.rpm

SNF7.2 i586

 e23855800a5f9933217e6c94f2c93069  snf7.2/RPMS/zlib-1.1.3-11.1mdk.i586.rpm
f39c0455f8d0ae276cb5417dcfb3aa00  snf7.2/RPMS/zlib-devel-1.1.3-11.1mdk.i586.rpm
2e24e2958c0663378635ede5f8ca4d83  snf7.2/SRPMS/zlib-1.1.3-11.1mdk.src.rpm

CS1.0 i586

 7921c049e634ae5bde97e963aa47d22b  1.0.1/RPMS/zlib-1.1.3-11.1mdk.i586.rpm
5146bc0863db8692475887884d4ee66a  1.0.1/RPMS/zlib-devel-1.1.3-11.1mdk.i586.rpm
2e24e2958c0663378635ede5f8ca4d83  1.0.1/SRPMS/zlib-1.1.3-11.1mdk.src.rpm

8.1 i586

 6dca9c0ff7dac9759d735150139182da  8.1/RPMS/zlib1-1.1.3-16.1mdk.i586.rpm
320d06d5f1acc841965ad6c16db396cf  8.1/RPMS/zlib1-devel-1.1.3-16.1mdk.i586.rpm
582b5dd80b2ff9f24ed274fbc82c5c19  8.1/SRPMS/zlib-1.1.3-16.1mdk.src.rpm

8.0 i586

 58775896267f0454e554578c732e685c  8.0/RPMS/zlib1-1.1.3-16.1mdk.i586.rpm
8917338feb592dad773cb6b3feac0d91  8.0/RPMS/zlib1-devel-1.1.3-16.1mdk.i586.rpm
582b5dd80b2ff9f24ed274fbc82c5c19  8.0/SRPMS/zlib-1.1.3-16.1mdk.src.rpm

8.0 i586

 939ed423af6fc514e4bde2dfc519ea13  ppc/8.0/RPMS/zlib1-1.1.3-16.1mdk.ppc.rpm
f8efcbf6e55e2774fbd98b67ffe9838f  ppc/8.0/RPMS/zlib1-devel-1.1.3-16.1mdk.ppc.rpm
582b5dd80b2ff9f24ed274fbc82c5c19  ppc/8.0/SRPMS/zlib-1.1.3-16.1mdk.src.rpm

7.1 i586

 7921c049e634ae5bde97e963aa47d22b  7.1/RPMS/zlib-1.1.3-11.1mdk.i586.rpm
5146bc0863db8692475887884d4ee66a  7.1/RPMS/zlib-devel-1.1.3-11.1mdk.i586.rpm
2e24e2958c0663378635ede5f8ca4d83  7.1/SRPMS/zlib-1.1.3-11.1mdk.src.rpm

7.2 i586

 e23855800a5f9933217e6c94f2c93069  7.2/RPMS/zlib-1.1.3-11.1mdk.i586.rpm
f39c0455f8d0ae276cb5417dcfb3aa00  7.2/RPMS/zlib-devel-1.1.3-11.1mdk.i586.rpm
2e24e2958c0663378635ede5f8ca4d83  7.2/SRPMS/zlib-1.1.3-11.1mdk.src.rpm

MDKSA-2002:022

Problem description

Updated packages

8.1 i586

SNF7.2 i586

CS1.0 i586

8.1 i586

8.0 i586

8.0 i586

7.1 i586

7.2 i586

References