Tim Yamin from Gentoo noticed that some older security-related bugs in the decompression code had not been fixed in the kernel. This is fairly minor as there are few places where the kernel decompresses arbitrary data. However, it could be a problem for things like zisofs (if someone mounts a malicious filesystem), perhaps cslip or ppp too.
CAN-2005-2458 http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
impact=low,source=vendorsec,public=19990625
CAN-2005-2459 http://bugs.gentoo.org/show_bug.cgi?id=94584
impact=low,source=vendorsec,public=20050531
Fix for 2.6 is here, pretty much identical for 2.4:
http://linux.bkbits.net:8080/linux-2.6/cset@42f3f4e9KIoV6pLtA430xgwjKh2V7g
Sergey Vlasov has done some analysis on these issues and discovered that the changes in file lib/zlib_inflate/inftrees.c are incorrect and in fact are not needed. Gentoo have agreed and therefore from the patch above please ignore the lib/zlib_inflate/inftrees.c hunk. This means that CAN-2005-2549 is dropped, but CAN-2005-2548 still applies.
Marc, do CAN-2005-2458?
I meant Mark. Sorry.
Created attachment 120202: Proposed patch
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0101.html