Family: Red Hat Local Security Checks --> Category: infos
RHSA-2005-584: zlib Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the zlib packages
Detailed Explanation for this Vulnerability Test
Updated zlib packages that fix a buffer overflow are now available for Red
Hat Enterprise Linux 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Zlib is a general-purpose lossless data compression library that is used
by many different programs.
A previous zlib update, RHSA-2005:569 (CVE-2005-2096), fixed a flaw in zlib
that could allow a carefully crafted compressed stream to crash an
application. While the original patch corrected the reported overflow,
Markus Oberhumer discovered additional ways a stream could trigger an
overflow. An attacker could create a carefully crafted compressed stream
that would cause an application to crash if the stream is opened by a user.
As an example, an attacker could create a malicious PNG image file that
would cause a Web browser or mail viewer to crash if the image is viewed.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CVE-2005-1849 to this issue.
Note that the versions of zlib shipped with Red Hat Enterprise
Linux 2.1 and 3 are not vulnerable to this issue.
All users should update to these errata packages that contain a patch
from Mark Adler that corrects this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2005-584.html
Threat Level: High