Bug 131385 - CAN-2004-0797: inflate() and inflateBack() functions don't properly handle errors
Alias: None
Product: Fedora
Classification: Fedora
Component: zlib   
Version: rawhide
Hardware: All
OS: Linux
Assignee: Jeff Johnson
URL: http://www.cve.mitre.org/cgi-bin/cven...
Keywords: Security
Duplicates: 131395
Blocks: 145267
Reported: 2004-08-31 20:18 UTC by Robert Scheck
Modified: 2007-11-30 22:10 UTC (History)

Doc Type: Bug Fix
Last Closed: 2005-01-29 04:15:03 UTC

Attachments
zlib- (1.20 KB, patch)
2004-08-31 20:19 UTC, Robert Scheck

Description Robert Scheck 2004-08-31 20:18:06 UTC
Description of problem:
A vulnerability was reported in zlib. A remote user can cause denial 
of service conditions. Johan Thelmen reported that a specially 
crafted file can cause a segmentation fault in zlib. It is reported 
that the inflate() and inflateBack() functions do not properly handle  
errors. A user can create a file that when processed by zlib, will 
cause a segmentation fault. The specific impact depends on the 
application using zlib.

Also have a look at:

Version-Release number of selected component (if applicable):

Actual results:
I attached a patch which should solve the issue.

Expected results:
Fix of this issue for all affected versions ;-)

Additional info:
The patch originally is from Debian.

Comment 1 Robert Scheck 2004-08-31 20:19:38 UTC
Created attachment 103317

Comment 2 Robert Scheck 2004-08-31 20:31:36 UTC
It seems that only Fedora Core 1, 2 and Development are affected 
by this issue. Red Hat Enterprise Linux 3 has the older 1.1.4, which 
does not seem to be affected, but maybe you should check this.

Comment 3 Mark J. Cox 2004-09-01 08:20:54 UTC
Correct, 1.1* is unaffected.

Comment 4 Mark J. Cox 2004-09-01 08:21:36 UTC
*** Bug 131395 has been marked as a duplicate of this bug. ***

Comment 5 Robert Scheck 2004-09-11 13:14:10 UTC
Hey, what's up - why isn't the patch for the CAN included...does it 
hurt someone?!

Comment 6 Jeff Johnson 2004-09-14 11:28:48 UTC
zlib- built in fc3; fc1 and fc2 need doing too.

Comment 7 Jeff Johnson 2004-09-21 13:26:31 UTC
-0.fc1 and -0.fc2 now built.

Comment 8 Mark J. Cox 2004-10-07 09:30:00 UTC
Did the FC2 update get pushed and announcements sent?  I don't see it
on the update site or on fedora-announce-list.

Comment 9 Mark J. Cox 2004-11-03 12:33:30 UTC
Ping, no announcement has gone out to fedora-announce-list about this

Comment 10 Robert Scheck 2004-11-03 18:30:42 UTC
This bug is neither an FC3 nor an FC4 target bug, it's an open issue 
only for FC2 now - and thank you for sleeping so long, now FC1 
isn't supported any longer. Maybe Warren should be added for a Legacy 
update... :-(

Comment 11 Mark J. Cox 2004-11-09 09:57:10 UTC
fc2 update still not pushed to

Comment 12 Robert Scheck 2004-12-16 22:28:39 UTC
Could we please get this update for FC2 at least as a Christmas present? 
I don't want to find it as an Easter egg... ;-)

Comment 13 Enrico Scholz 2005-01-28 20:21:06 UTC
What is the state of this bug?  Is it really impossible to fix a security
relevant bug within 5 months?

Comment 14 Robert Scheck 2005-01-28 21:06:29 UTC
My last hope is that Fedora Legacy fixes this security issue in May 
2005, when the outdated Fedora Core 2 is transferred to it...

Comment 15 Josh Bressers 2005-01-29 04:15:03 UTC
Released as FEDORA-2005-095.

Comment 16 Warren Togami 2005-01-29 06:59:40 UTC
According to jbj rebuilding these packages, even the one in FC4, should work
fine in earlier distributions.  It should be trivial for Legacy to issue updates
after proper testing.
