rhsa-2002:027
Vulnerability from csaf_redhat
Published
2002-03-11 18:09
Modified
2024-11-21 22:16
Summary
Red Hat Security Advisory: : Vulnerability in zlib library (powertools)

Notes

Topic
[Update 20 Mar 2002: VNC packages updated to fix another denial of service vulnerability caused by the previous update. Thanks to Const Kaplinsky for discovering this issue.] The zlib compression library provides in-memory compression and decompression functions. It is widely used throughout Linux and other operating systems. While performing tests on the gdk-pixbuf library, Matthias Clasen created an invalid PNG image that caused libpng to crash. Upon further investigation, this turned out to be a bug in zlib 1.1.3. Certain input will cause zlib to free an area of memory twice (also called a "double free"). This bug can be used to crash any program that takes untrusted compressed input. Web browsers or email programs that display image attachments or other programs that uncompress data are particularly affected. This vulnerability makes it easy to perform various denial-of-service attacks against such programs. However, since the result of a double free is the corruption of the malloc implementation's data structures, it is possible that an attacker could manage a more significant exploit, such as running arbitrary code on the affected system.
Details
Most of the packages in Red Hat Linux use the shared zlib library and can be protected against vulnerability by updating to the errata zlib package. However, there have been a number of packages identified in Red Hat Linux that either statically link to zlib or contain an internal version of zlib code. Although no exploits for this issue or the affected packages are currently known to exist, this is a serious vulnerability that could be locally or remotely exploited. All users should upgrade affected packages immediately. Additionally, if you have any programs that you have compiled yourself you should check to see if they use zlib. If they link to the shared zlib library then they will not be vulnerable once the shared zlib library is updated to the errata package. If any programs that decompress arbitrary data either statically link to zlib or use their own version of the zlib code internally, then they need to be patched or recompiled. The following details apply to the Powertools distribution only; for packages included with the main Red Hat Linux distribution please see advisory RHSA-2002:026 abiword: Powertools 6.2 shipped with both statically and dynamically linked versions of AbiWord. The statically linked version is linked against the vulnerable zlib. It is recommended that users only use the dynamic version. acroread: The acroread package in Powertools 7.0 contains Acrobat Reader, a PDF viewer. This package contains an internal version of zlib which may be vulnerable. An update is not yet available, so users are advised to view PDF documents using xpdf or ghostview. amaya: Amaya is a Web browser/authoring tool. Amaya in Powertools 7.1 has been patched to use the system zlib, libjpeg, and libpng libraries instead of the internal static versions. flash: The flash package in Powertools 6.2 and 7.0 contains an unofficial Shockwave(TM) Flash2/Flash3 plug-in for Netscape which uses an internal version of zlib. This plug-in conflicts with the official flash plug-in included in the netscape package and should not be used. freeamp: Freeamp is an MP3 audio player in Powertools 6.2 and 7.0 which uses zlib when decompressing themes. Freeamp has been patched to use the system zlib library instead of the internal version. qt-embedded: Qt is a GUI toolkit for embedded devices. qt-embedded has been updated to version 2.3.2 and recompiled against the errata zlib library. vnc: VNC is a remote display system in Powertools 6.2. VNC has been patched to use the system zlib library. In addition, there is a small HTTP server implementation in the VNC server which can be made to wait indefinitely for input, thereby freezing an active VNC session. The VNC packages recommended by this advisory have been patched to fix this issue, as well. Users of VNC should be aware the program is designed for use on a trusted network.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "[Update 20 Mar 2002:\nVNC packages updated to fix another denial of service vulnerability caused\nby the previous update. Thanks to Const Kaplinsky for discovering this\nissue.]\n  \nThe zlib compression library provides in-memory compression and  \ndecompression functions. It is widely used throughout Linux  \nand other operating systems.  \n  \nWhile performing tests on the gdk-pixbuf library, Matthias Clasen created  \nan invalid PNG image that caused libpng to crash.  Upon further  \ninvestigation, this turned out to be a bug in zlib 1.1.3. Certain  \ninput will cause zlib to free an area of memory twice (also called a  \n\"double free\").  \n  \nThis bug can be used to crash any program that takes untrusted compressed  \ninput. Web browsers or email programs that display image attachments or  \nother programs that uncompress data are particularly affected. This  \nvulnerability makes it easy to perform various denial-of-service attacks  \nagainst such programs.   \n  \nHowever, since the result of a double free is the corruption of the  \nmalloc implementation\u0027s data structures, it is possible that an attacker\ncould manage a more significant exploit, such as running arbitrary code on\nthe affected system.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Most of the packages in Red Hat Linux use the shared zlib library and can\nbe protected against vulnerability by updating to the errata zlib\npackage.  However, there have been a number of packages identified in Red\nHat Linux that either statically link to zlib or contain an internal\nversion of zlib code.\n\nAlthough no exploits for this issue or the affected packages are currently\nknown to exist, this is a serious vulnerability that could be locally or\nremotely  exploited. All users should upgrade affected packages\nimmediately.\n\nAdditionally, if you have any programs that you have compiled yourself\nyou should check to see if they use zlib. If they link to the shared\nzlib library then they will not be vulnerable once the shared zlib\nlibrary is updated to the errata package. If any programs that decompress\narbitrary data either statically link to zlib or use their own version of\nthe zlib code internally, then they need to be patched or recompiled.\n\nThe following details apply to the Powertools distribution only;\nfor packages included with the main Red Hat Linux distribution\nplease see advisory RHSA-2002:026\n\nabiword: Powertools 6.2 shipped with both statically and\ndynamically linked versions of AbiWord. The statically linked version\nis linked against the vulnerable zlib. It is recommended that users\nonly use the dynamic version.\n\nacroread: The acroread package in Powertools 7.0 contains Acrobat\nReader, a PDF viewer. This package contains an internal version of\nzlib which may be vulnerable. An update is not yet available, so users are\nadvised to view PDF documents using xpdf or ghostview.\n\namaya: Amaya is a Web browser/authoring tool. Amaya in Powertools 7.1\nhas been patched to use the system zlib, libjpeg, and libpng libraries\ninstead of the internal static versions.\n\nflash: The flash package in Powertools 6.2 and 7.0 contains an\nunofficial Shockwave(TM) Flash2/Flash3 plug-in for Netscape which uses\nan internal version of zlib. This plug-in conflicts with the official\nflash plug-in included in the netscape package and should not be used.\n\nfreeamp: Freeamp is an MP3 audio player in Powertools 6.2 and 7.0 which\nuses zlib when decompressing themes. Freeamp has been patched\nto use the system zlib library instead of the internal version.\n\nqt-embedded: Qt is a GUI toolkit for embedded devices.  qt-embedded has\nbeen updated to version 2.3.2 and recompiled against the errata zlib\nlibrary.\n\nvnc: VNC is a remote display system in Powertools 6.2. VNC has been\npatched to use the system zlib library.  \n\nIn addition, there is a small HTTP server implementation in the VNC server\nwhich can be made to wait indefinitely for input, thereby freezing an\nactive VNC session.  The VNC packages recommended by this advisory have\nbeen patched to fix this issue, as well. Users of VNC should be aware  the\nprogram is designed for use on a trusted network.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:027",
        "url": "https://access.redhat.com/errata/RHSA-2002:027"
      },
      {
        "category": "external",
        "summary": "http://bugzilla.gnome.org/show_bug.cgi?id=70594",
        "url": "http://bugzilla.gnome.org/show_bug.cgi?id=70594"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_027.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Vulnerability in zlib library (powertools)",
    "tracking": {
      "current_release_date": "2024-11-21T22:16:55+00:00",
      "generator": {
        "date": "2024-11-21T22:16:55+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:027",
      "initial_release_date": "2002-03-11T18:09:00+00:00",
      "revision_history": [
        {
          "date": "2002-03-11T18:09:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-03-11T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:16:55+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Powertools 6.2",
                "product": {
                  "name": "Red Hat Powertools 6.2",
                  "product_id": "Red Hat Powertools 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:powertools:6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Powertools 7.0",
                "product": {
                  "name": "Red Hat Powertools 7.0",
                  "product_id": "Red Hat Powertools 7.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:powertools:7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Powertools 7.1",
                "product": {
                  "name": "Red Hat Powertools 7.1",
                  "product_id": "Red Hat Powertools 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:powertools:7.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Powertools"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0059",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2002-03-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616731"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a \"double free\"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "zlib: Double free in inflateEnd",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Powertools 6.2",
          "Red Hat Powertools 7.0",
          "Red Hat Powertools 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0059"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616731",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616731"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0059",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0059",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0059"
        }
      ],
      "release_date": "2002-03-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-03-11T18:09:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Powertools 6.2",
            "Red Hat Powertools 7.0",
            "Red Hat Powertools 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Powertools 6.2",
            "Red Hat Powertools 7.0",
            "Red Hat Powertools 7.1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "zlib: Double free in inflateEnd"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.