Bug 61410

Summary: sash is linked statically against a vulnerable zlib
Product: [Retired] Red Hat Linux
Reporter: Henning Schmiedehausen <hps>
Component: sash
Assignee: wdovlrrw <brosenkr>
Status: CLOSED DUPLICATE
QA Contact: Aaron Brown <abrown>
Severity: medium
Priority: medium
Version: 6.2
Keywords: Security
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2002-03-19 10:27:43 UTC

Description Henning Schmiedehausen 2002-03-19 10:27:32 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206

Description of problem:
The sash binary is linked statically with a vulnerable zlib

Version-Release number of selected component (if applicable):
sash-3.4-2

How reproducible:
Always

Steps to Reproduce:
1. get the zlib scanner from Florian Weimer
2. /tmp/scanner.pl /sbin/sash

Actual Results:
/sbin/sash: inflate version: "1.1.3 Copyright 1995-1998 Mark Adler"
/sbin/sash: zlib cplens table, little endian
/sbin/sash: zlib cplext table (version 1.0.5 to 1.1.4)


Expected Results:  sash should not be linked with a vulnerable version of zlib

Additional info:

Name        : sash                         Relocations: (not relocateable)
Version     : 3.4                               Vendor: Red Hat, Inc.
Release     : 2                             Build Date: Mon Feb  7 17:33:09 2000
Install date: Wed Nov  1 18:36:26 2000      Build Host: porky.devel.redhat.com
Group       : System Environment/Shells     Source RPM: sash-3.4-2.src.rpm
Size        : 410294                           License: GPL
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : A statically linked shell, including some built-in basic commands.
Description :
Sash is a simple, standalone, statically linked shell which includes
simplified versions of built-in commands like ls, dd and gzip.  Sash
is statically linked so that it can work without shared libraries, so
it is particularly useful for recovering from certain types of system
failures.  Sash can also be used to safely upgrade to new versions of
shared libraries.
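
The kind of check the scanner output above reports (an embedded inflate banner plus a zlib length table in a static binary) can be sketched as follows. This is an added example, not Florian Weimer's scanner.pl and not code from this bug report; the function names, the assumption that the table is stored as 32-bit integers, and the constructed sample bytes are all assumptions made here.

```python
import re
import struct

# DEFLATE length-code base values (RFC 1951, section 3.2.5). Assumption: the
# embedded zlib stores them as a table of 32-bit integers, which is what the
# scanner output in this bug calls the "cplens table".
LENGTH_BASES = [3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
                35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258]
CPLENS = {
    "little endian": struct.pack("<29I", *LENGTH_BASES),
    "big endian": struct.pack(">29I", *LENGTH_BASES),
}
# Banner compiled into the inflate code, of the form quoted in the report:
# "inflate 1.1.3 Copyright 1995-1998 Mark Adler"
BANNER = re.compile(rb"inflate (\d+(?:\.\d+)+) Copyright [\d-]+ Mark Adler")


def scan_bytes(data, flagged_versions=("1.1.3",)):
    """Return zlib findings for one binary image.

    flagged_versions is the caller's own list of versions to treat as
    vulnerable; the default holds only the version shown in this bug.
    """
    versions = sorted({m.group(1).decode() for m in BANNER.finditer(data)})
    tables = [name for name, blob in CPLENS.items() if blob in data]
    return {
        "inflate_versions": versions,
        "cplens_tables": tables,
        "embedded_zlib": bool(versions or tables),
        "flagged": [v for v in versions if v in flagged_versions],
    }


def scan_file(path, **kwargs):
    """Scan a file on disk, e.g. a statically linked rescue shell."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read(), **kwargs)


# Constructed sample: stand-in bytes for a static binary, not a real ELF file.
SAMPLE = (b"\x7fELF" + b"\x00" * 64
          + b" inflate 1.1.3 Copyright 1995-1998 Mark Adler \x00"
          + b"\x90" * 16 + CPLENS["little endian"] + b"\x00" * 8)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, scan_file(path))
    if len(sys.argv) == 1:
        print(scan_bytes(SAMPLE))
```

Matching the table as well as the banner matters for static binaries, because the banner string can be stripped or edited while the table must remain for inflate to work.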

Comment 1 Bernhard Rosenkraenzer 2002-03-19 12:17:04 UTC

*** This bug has been marked as a duplicate of 61299 ***