rhsa-2002:026
Vulnerability from csaf_redhat
Published
2002-03-11 20:15
Modified
2024-11-21 22:16
Summary
Red Hat Security Advisory: : : : Vulnerability in zlib library

Notes

Topic
[Update 20 Mar 2002: Added kernel packages for Red Hat Linux 6.2 on sparc64. Updated VNC packages as the previous fix caused another denial of service vulnerability; thanks to Const Kaplinsky for reporting this] [Update 14 Mar 2002: Updated kernel packages for Red Hat Linux 6.2 and 7.0 which were missing the zlib fix; added missing kernel-headers package for 6.2.] The zlib library provides in-memory compression/decompression functions. The library is widely used throughout Linux and other operating systems. While performing tests on the gdk-pixbuf library, Matthias Clasen created an invalid PNG image that caused libpng to crash. Upon further investigation, this turned out to be a bug in zlib 1.1.3 where certain types of input will cause zlib to free the same area of memory twice (called a "double free"). This bug can be used to crash any program that takes untrusted compressed input. Web browsers or email programs that display image attachments or other programs that uncompress data are particularly affected. This vulnerability makes it easy to perform various denial-of-service attacks against such programs. It is also possible that an attacker could manage a more significant exploit, since the result of a double free is the corruption of the malloc() implementation's data structures. This could include running arbitrary code on local or remote systems. Most packages in Red Hat Linux use the shared zlib library and can be protected against vulnerability by updating to the errata zlib package. However, we have identified a number of packages in Red Hat Linux that either statically link to zlib or contain an internal version of zlib code. Although no exploits for this issue or these packages are currently known to exist, this is a serious vulnerability which could be locally or remotely exploited. All users should upgrade affected packages immediately. Additionally, if you have any programs that you have compiled yourself, you should check to see if they use zlib. If they link to the shared zlib library then they will not be vulnerable once the shared zlib library is updated to the errata package. However, if any programs that decompress arbitrary data statically link to zlib or use their own version of the zlib code internally, then they need to be patched or recompiled.
Details
The following details apply to the main Red Hat Linux distribution only. Please see advisory RHSA-2002:027 for Powertools packages. cvs: cvs is a version control system. The cvs package has been rebuilt to link against the shared system zlib instead of the internal version. Additionally, cvs has been updated to version 1.11.1p1 for Red Hat Linux 6.2, 7.0 and 7.1 which also corrects a possible security vulnerability due to an improperly initialized global variable. (CAN-2002-0092) dump: The dump package contains programs for backing up and restoring filesystems. It links statically to zlib and has been rebuilt against the errata zlib package. Red Hat Linux 7, 7.1, and 7.2 packages have also been upgraded to dump-0.4b25, which includes many non-security fixes. gcc3: The gcc3 package contains the GNU Compiler Collection version 3.0. It has been updated to version 3.0.4 and patched to link against the system zlib instead of the internal version. libgcj: The libgcj package includes the Java runtime library, which is needed to run Java programs compiled using the gcc Java compiler (gcj). libgcj has been patched to use the shared system zlib. kernel: The Linux kernel internally contains several variants of zlib code. However, ppp compression is the only implementation that is used with untrusted data streams. This issue has been patched. New kernel errata packages are included for Red Hat Linux 6.2 and 7. Users of Red Hat Linux 7.1, or 7.2 should update to the currently released kernel errata RHSA-2002-028 (2.4.9-31) which already contains this fix. Netscape Navigator: Users are advised to obtain an update from Netscape. rsync: rsync is a program for synchronizing files over a network. rsync uses a modified version of zlib internally. These errata packages patch this internal version of zlib. The rsync update package also fixes another security issue where rsync did not call setgroups() before dropping the privileges of the connecting user. Hence, it is possible for users to retain the group IDs of any supplemental groups that rsync was started in (for example, supplementary groups of the root user), allowing users to access files they may not otherwise be able to access. Thanks to Martin Pool and Andrew Tridgell for alerting us to this issue. CAN-2002-0080. VNC: VNC is a remote display system in Powertools 6.2. VNC has been patched to use the system zlib library. In addition, there is a small HTTP server implementation in the VNC server which can be made to wait indefinitely for input, thereby freezing an active VNC session. The VNC packages recommended by this advisory have been patched to fix this issue. Users of VNC should be aware that the program is designed for use on a trusted network. zlib: The zlib library has been updated with a patch to fix the aforementioned vulnerability.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "[Update 20 Mar 2002:\nAdded kernel packages for Red Hat Linux 6.2 on sparc64.  Updated VNC\npackages as the previous fix caused another denial of service\nvulnerability; thanks to Const Kaplinsky for reporting this]\n\n[Update 14 Mar 2002: \nUpdated kernel packages for Red Hat Linux 6.2 and 7.0 which were missing \nthe zlib fix; added missing kernel-headers package for 6.2.]\n \nThe zlib library provides in-memory compression/decompression \nfunctions. The library is widely used throughout Linux and other \noperating \nsystems. \n \nWhile performing tests on the gdk-pixbuf library, Matthias Clasen created \nan invalid PNG image that caused libpng to crash. Upon further \ninvestigation, this turned out to be a bug in zlib 1.1.3 where certain \ntypes of input will cause zlib to free the same area of memory twice \n(called a \"double free\"). \n \nThis bug can be used to crash any program that takes untrusted \ncompressed input. Web browsers or email programs that \ndisplay image attachments or other programs that uncompress data are \nparticularly affected. This vulnerability makes it easy to perform \nvarious \ndenial-of-service attacks against such programs.  \n \nIt is also possible that an attacker could manage a more significant \nexploit, since the result of a double free is the corruption of the \nmalloc() implementation\u0027s data structures. This could include running \narbitrary code on local or remote systems. \n \nMost packages in Red Hat Linux use the shared zlib library and can be \nprotected against vulnerability by updating to the errata zlib \npackage. However, we have identified a number of packages in Red Hat \nLinux that either statically link to zlib or contain an internal \nversion of zlib code. \n \nAlthough no exploits for this issue or these packages are currently \nknown to exist, this is a serious vulnerability which could be \nlocally or remotely exploited. All users should upgrade affected packages \nimmediately. \n \nAdditionally, if you have any programs that you have compiled yourself, \nyou should check to see if they use zlib. If they link to the shared \nzlib library then they will not be vulnerable once the shared zlib \nlibrary is updated to the errata package. However, if any programs that \ndecompress arbitrary data statically link to zlib or use their own \nversion \nof the zlib code internally, then they need to be patched or \nrecompiled.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The following details apply to the main Red Hat Linux distribution\nonly. Please see advisory RHSA-2002:027 for Powertools packages.\n\ncvs: cvs is a version control system. The cvs package has been rebuilt to\nlink against the shared system zlib instead of the internal version. \n\nAdditionally, cvs has been updated to version 1.11.1p1 for Red Hat Linux\n6.2, 7.0 and 7.1 which also corrects a possible security vulnerability due\nto an improperly initialized global variable. (CAN-2002-0092)\n\ndump: The dump package contains programs for backing up and restoring\nfilesystems.  It links statically to zlib and has been rebuilt\nagainst the errata zlib package.  Red Hat Linux 7, 7.1, and 7.2\npackages have also been upgraded to dump-0.4b25, which includes\nmany non-security fixes.\n\ngcc3: The gcc3 package contains the GNU Compiler Collection version\n3.0. It has been updated to version 3.0.4 and patched to link against\nthe system zlib instead of the internal version.\n\nlibgcj: The libgcj package includes the Java runtime library, which is\nneeded to run Java programs compiled using the gcc Java compiler\n(gcj).  libgcj has been patched to use the shared system zlib.\n\nkernel: The Linux kernel internally contains several variants of zlib \ncode. However, ppp compression is the only implementation that is used with\nuntrusted data streams.  This issue has been patched.  New kernel errata\npackages are included for Red Hat Linux 6.2 and 7.  \n\nUsers of Red Hat Linux 7.1, or 7.2 should update to the currently\nreleased kernel errata RHSA-2002-028 (2.4.9-31) which already contains this\nfix.\n\nNetscape Navigator: Users are advised to obtain an update from Netscape.\n\nrsync: rsync is a program for synchronizing files over a network.\nrsync uses a modified version of zlib internally. These errata\npackages patch this internal version of zlib.\n\nThe rsync update package also fixes another security issue where rsync did\nnot call setgroups() before dropping the privileges of the connecting user.\nHence, it is possible for users to retain the group IDs of any supplemental\ngroups that rsync was started in (for example, supplementary groups of the\nroot user), allowing users to access files they may not otherwise be able\nto access.  Thanks to Martin Pool and Andrew Tridgell for alerting us to\nthis issue. CAN-2002-0080.\n\nVNC: VNC is a remote display system in Powertools 6.2.  VNC has been\npatched to use the system zlib library.  \n\nIn addition, there is a small HTTP server implementation in the VNC server\nwhich can be made to wait indefinitely for input, thereby freezing an\nactive VNC session. The VNC packages recommended by this advisory have\nbeen patched to fix this issue. Users of VNC should be aware that the\nprogram is designed for use on a trusted network.\n\nzlib: The zlib library has been updated with a patch to fix the\naforementioned vulnerability.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:026",
        "url": "https://access.redhat.com/errata/RHSA-2002:026"
      },
      {
        "category": "external",
        "summary": "http://bugzilla.gnome.org/show_bug.cgi?id=70594",
        "url": "http://bugzilla.gnome.org/show_bug.cgi?id=70594"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_026.json"
      }
    ],
    "title": "Red Hat Security Advisory: : : : Vulnerability in zlib library",
    "tracking": {
      "current_release_date": "2024-11-21T22:16:52+00:00",
      "generator": {
        "date": "2024-11-21T22:16:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:026",
      "initial_release_date": "2002-03-11T20:15:00+00:00",
      "revision_history": [
        {
          "date": "2002-03-11T20:15:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-03-11T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:16:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 6.2",
                "product": {
                  "name": "Red Hat Linux 6.2",
                  "product_id": "Red Hat Linux 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.0",
                "product": {
                  "name": "Red Hat Linux 7.0",
                  "product_id": "Red Hat Linux 7.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0059",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2002-03-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616731"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a \"double free\"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "zlib: Double free in inflateEnd",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0059"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616731",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616731"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0059",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0059",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0059"
        }
      ],
      "release_date": "2002-03-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-03-11T20:15:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nThe procedure for upgrading the kernel is documented at:\n\n     http://www.redhat.com/support/docs/howto/kernel-upgrade/\n\nPlease read the directions for your architecture carefully before\nproceeding with the kernel upgrade.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:026"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "zlib: Double free in inflateEnd"
    },
    {
      "cve": "CVE-2002-0080",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616738"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0080"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616738",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616738"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0080",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0080"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0080",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0080"
        }
      ],
      "release_date": "2002-03-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-03-11T20:15:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nThe procedure for upgrading the kernel is documented at:\n\n     http://www.redhat.com/support/docs/howto/kernel-upgrade/\n\nPlease read the directions for your architecture carefully before\nproceeding with the kernel upgrade.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:026"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0092",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616742"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0092"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616742",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616742"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0092",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0092"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0092",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0092"
        }
      ],
      "release_date": "2002-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-03-11T20:15:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nThe procedure for upgrading the kernel is documented at:\n\n     http://www.redhat.com/support/docs/howto/kernel-upgrade/\n\nPlease read the directions for your architecture carefully before\nproceeding with the kernel upgrade.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:026"
        }
      ],
      "title": "security flaw"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.