A possible buffer overflow exploit was discovered in zlib. This includes web browsers or email programs able to view PNG images (which are compressed by zlib). The most likely scenario is a Denial of Service by crashing the program that is linked to zlib. However, a possibility of privilege escalation is suspected.
Attached is the patch for those who don't want to wait for the website and mirrors to sync. It is being added to the patches repository now followed by updates to the LFS book's development and testing branches. A 6.1-pre2 release will immediately follow all this.

Other than applying the patch, there are no changes in zlib's build instructions. Any services that are linked to zlib should be restarted after the patched zlib is installed.

The link for this vulnerability (just a place holder last time I looked) is:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096

--
Archaic

Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs

Submitted By: Archaic <archaic AT linuxfromscratch D0T org> Date: 2005-07-06 Initial Package Version: 1.2.2 Upstream Status: Awaiting Acceptance Origin: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05%3A16/zlib.patch Description: Fixes a buffer overflow vulnerability. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 diff -Naur zlib-1.2.2.orig/inftrees.c zlib-1.2.2/inftrees.c --- zlib-1.2.2.orig/inftrees.c 2004-09-15 14:30:06.000000000 +0000 +++ zlib-1.2.2/inftrees.c 2005-07-06 17:47:31.000000000 +0000 @@ -134,7 +134,7 @@ left -= count[len]; if (left < 0) return -1; /* over-subscribed */ } - if (left > 0 && (type == CODES || (codes - count[0] != 1))) + if (left > 0 && (type == CODES || max != 1)) return -1; /* incomplete set */ /* generate offsets into symbol table for each length for sorting */
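
Review bot: the condition on the `+` line, `max != 1`, carries the entire fix, yet the comment beside the return still reads only `/* incomplete set */` and nothing in the hunk says why the exception changed from `codes - count[0] != 1`. Suggest a comment on that line stating what the remaining exception is meant to allow and how `max` (assigned outside the lines shown here) relates to `count[]` at this point, so a later reader does not loosen the check back to a count of used symbols. The patch header's Description ("Fixes a buffer overflow vulnerability.") would also be more useful if it named inftrees.c and the incomplete-set check, and a malformed-stream test case that must hit this `return -1` would keep the fix from regressing.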