Red Hat Bugzilla – Bug 167298
CAN-2005-1849 Zlib Compression Library Decompression Denial of Service
Last modified: 2007-04-18 13:31:04 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050729 Netscape/22.214.171.124
Description of problem:
05.30.28 CVE: CAN-2005-1849
Platform: Cross Platform
Title: Zlib Compression Library Decompression Denial of Service
Description: The Zlib compression library is an open source library
designed for fast compression and decompression of data. It is
susceptible to a denial of service vulnerability. This issue is due to
a failure of the library to properly handle unexpected input to its
decompression routines. Various operating systems using the Zlib
library are reported to be affected.
Version-Release number of selected component (if applicable):
John - Can you go ahead and close this bug and mark it a duplicate of bug 162680?
The CAN-2005-1849 issue has already been patched. See Bug #162680 comment 12.
Oh - if you were opening this bug for Red Hat 7.3, I believe RH73 uses zlib
version 1.1.4, which is not vulnerable to CAN-2005-1849, AFAICT.
*** This bug has been marked as a duplicate of 162680 ***