Bug 61125

Summary: rpm statically linked with buggy zlib
Product: [Retired] Red Hat Linux Reporter: Chris Ricker <chris.ricker>
Component: rpmAssignee: Jeff Johnson <jbj>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-03-19 10:33:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Ricker 2002-03-13 22:12:56 UTC 
As was recently noted on bugtraq, the recent zlib update of RH seems to have
missed rpm, which is statically linked with an old implementation:

[kaboom@verdande tmp]$ ./find-zlib -v /bin/rpm 
/bin/rpm: inflate version: "1.1.3 Copyright 1995-1998 Mark Adler"
/bin/rpm: deflate version: "1.1.3 Copyright 1995-1998 Jean-loup Gailly"
/bin/rpm: zlib cplens table, little endian
/bin/rpm: zlib cplext table (version 1.0.5 to 1.1.4)
/bin/rpm: zlib configuration table, little endian, 32 bit
/bin/rpm: 18 out of 18 messages
[kaboom@verdande tmp]$ rpm -qf /bin/rpm
rpm-4.0.3-1.03
[kaboom@verdande tmp]$
Comment 1 Henning Schmiedehausen 2002-03-19 10:33:00 UTC 
This also applied to the RH 6.2 version of RPM!
Comment 2 Jeff Johnson 2002-03-27 19:39:08 UTC 
Fixed (by linking against patched 1.1.3) in
Raw Hide in (at least) rpm-4.0.4-7x.9

As there's no known way to exercise the double
free in zlib from an rpm package, there won't
be an errata for 6x.