Date:      Mon, 11 Mar 2002 15:44:24 -0600
From:      D J Hawkey Jr <hawkeyd@visi.com>
To:        security at FreeBSD <freebsd-security@freebsd.org>
Subject:   RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?
Message-ID:  <20020311154424.A22882@sheol.localdomain>

As the subject asks, does the 4.5-RELEASE-p1 "zlib inflate error handling"
fix the bug addressed by the RH advisory, or is FreeBSD's zlib vulnerable?

The relevant portion of the RH advisory:

---8<---

The zlib library provides in-memory compression/decompression
functions. The library is widely used throughout Linux and other operating
systems.

While performing tests on the gdk-pixbuf library, Matthias Clasen created
an invalid PNG image that caused libpng to crash. Upon further
investigation, this turned out to be a bug in zlib 1.1.3 where certain
types of input will cause zlib to free the same area of memory twice
(called a "double free").

This bug can be used to crash any program that takes untrusted
compressed input. Web browsers or email programs that
display image attachments or other programs that uncompress data are
particularly affected. This vulnerability makes it easy to perform various
denial-of-service attacks against such programs.

It is also possible that an attacker could manage a more significant
exploit, since the result of a double free is the corruption of the
malloc() implementation's data structures. This could include running
arbitrary code on local or remote systems.

Most packages in Red Hat Linux use the shared zlib library and can be
protected against vulnerability by updating to the errata zlib
package. However, we have identified a number of packages in Red Hat
Linux that either statically link to zlib or contain an internal
version of zlib code.

Although no exploits for this issue or these packages are currently
known to exist, this is a serious vulnerability which could be
locally or remotely exploited. All users should upgrade affected packages
immediately.

--->8---

Dave

-- 
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/
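
The quoted advisory notes that some packages statically link zlib or carry an internal copy, so updating the shared library does not cover them. As an added example (not part of the original message or of any FreeBSD or Red Hat tooling), the sketch below looks for the copyright banner that zlib compiles into its inflate and deflate code; the sample byte strings and the script name are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# zlib compiles a copyright banner into its inflate and deflate code, e.g.
# " inflate 1.1.3 Copyright 1995-1998 Mark Adler ", so the banner survives
# static linking and private copies of the source.
BANNER = re.compile(rb"(inflate|deflate) (\d+(?:\.\d+){1,3}) Copyright")
ADVISORY_VERSION = "1.1.3"  # the zlib version named in the quoted advisory

def embedded_zlib_versions(data):
    """Return the set of (component, version) banners found in a byte string."""
    return {(m.group(1).decode(), m.group(2).decode())
            for m in BANNER.finditer(data)}

def scan_file(path):
    """Return the sorted banners found in one file, or [] if it cannot be read."""
    try:
        return sorted(embedded_zlib_versions(Path(path).read_bytes()))
    except OSError:
        return []

def needs_review(found):
    """True when any banner carries the version the advisory names."""
    return any(version == ADVISORY_VERSION for _, version in found)

# Constructed sample inputs (not real binaries): padding around a banner.
SAMPLE_OLD = b"\x7fELF\x00\x01" + b" inflate 1.1.3 Copyright 1995-1998 Mark Adler \x00"
SAMPLE_NEW = (b"\x7fELF\x00\x01"
              + b" deflate 1.2.11 Copyright 1995-2017 Jean-loup Gailly and Mark Adler \x00")

if __name__ == "__main__":
    # Usage: python3 find_zlib.py /usr/local/bin/*   (script name is hypothetical)
    for path in sys.argv[1:]:
        found = scan_file(path)
        if found:
            flag = "REVIEW" if needs_review(found) else "ok"
            print(f"{flag}\t{path}\t{found}")
```

A REVIEW hit means the file needs a closer look, not that it is vulnerable: a vendor-patched copy may keep the 1.1.3 banner. A file with no hit is not proven clean either, since the banner can be removed or altered in a private copy.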

