As was recently noted on bugtraq, the recent zlib update of RH seems to have missed rpm, which is statically linked with an old implementation:

[kaboom@verdande tmp]$ ./find-zlib -v /bin/rpm
/bin/rpm: inflate version: "1.1.3 Copyright 1995-1998 Mark Adler"
/bin/rpm: deflate version: "1.1.3 Copyright 1995-1998 Jean-loup Gailly"
/bin/rpm: zlib cplens table, little endian
/bin/rpm: zlib cplext table (version 1.0.5 to 1.1.4)
/bin/rpm: zlib configuration table, little endian, 32 bit
/bin/rpm: 18 out of 18 messages
[kaboom@verdande tmp]$ rpm -qf /bin/rpm
rpm-4.0.3-1.03
[kaboom@verdande tmp]$
This also applied to the RH 6.2 version of RPM!
Fixed (by linking against patched 1.1.3) in Raw Hide in (at least) rpm-4.0.4-7x.9.

As there's no known way to exercise the double free in zlib from an rpm package, there won't be an errata for 6x.
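
The find-zlib run in the report identifies a statically linked zlib by the copyright banners compiled into the binary. The scanner below does the same kind of check; it is an added example, not the find-zlib tool and not part of the original report. The `SAMPLE` bytes are constructed, and the 1.1.4 threshold is an assumption about the first fixed upstream release.

```python
import re
import sys

# zlib embeds banners such as " inflate 1.1.3 Copyright 1995-1998 Mark Adler ".
ZLIB_BANNER = re.compile(rb"(inflate|deflate) (\d+(?:\.\d+)+) Copyright \d{4}-\d{4}")

# Assumption: 1.1.4 is the first upstream release with the double-free fix.
FIXED_UPSTREAM = (1, 1, 4)

# Constructed sample bytes standing in for a statically linked binary.
SAMPLE = (
    b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8
    + b" inflate 1.1.3 Copyright 1995-1998 Mark Adler \x00"
    + b"\x90" * 16
    + b" deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly \x00"
)


def parse_version(text):
    """Turn '1.1.3' into (1, 1, 3) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def find_embedded_zlib(data, fixed=FIXED_UPSTREAM):
    """Return one finding per distinct (component, version) banner in data."""
    findings, seen = [], set()
    for match in ZLIB_BANNER.finditer(data):
        component = match.group(1).decode("ascii")
        version = match.group(2).decode("ascii")
        if (component, version) in seen:
            continue
        seen.add((component, version))
        findings.append({
            "component": component,
            "version": version,
            "offset": match.start(),
            # A vendor-patched 1.1.3 still carries the 1.1.3 banner, so an old
            # version means "check the build", not "confirmed vulnerable".
            "needs_review": parse_version(version) < fixed,
        })
    return findings


if __name__ == "__main__":
    targets = sys.argv[1:]
    blobs = [(p, open(p, "rb").read()) for p in targets] or [("<sample>", SAMPLE)]
    for name, blob in blobs:
        for f in find_embedded_zlib(blob):
            flag = "REVIEW" if f["needs_review"] else "ok"
            print(f"{name}: {f['component']} {f['version']} at {f['offset']:#x} [{flag}]")
```

Run it with one or more file paths to scan them; with no arguments it scans the constructed sample.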